52 results on '"Bertino, E."'
Search Results
2. Antiviral oxysterols are present in human milk at diverse stages of lactation
- Author
- Civra, A., Leoni, V., Caccia, C., Sottemano, S., Tonetto, P., Coscia, A., Peila, C., Moro, G. E., Gaglioti, P., Bertino, E., Poli, G., and Lembo, D.
- Abstract
Oxysterols are cholesterol oxidation derivatives. Those containing an additional hydroxyl group on the side chain of the cholesterol molecule result from a physiological enzymatic synthesis and include the majority of oxysterols present in the circulation. Among these, 25-hydroxycholesterol (25OHC) and 27-hydroxycholesterol (27OHC) are characterized by a broad antiviral activity and are now considered involved in the innate immune response against viruses. Despite the emerging role of these sterols in the innate antiviral defences, no data are available on their presence in human breast milk (BM) to date. In this study, we investigated the content of oxysterols of enzymatic synthesis in BM of twelve donor mothers at different stages of lactation (i.e. in colostrum, transitional milk, and mature milk) by gas chromatography-mass spectrometry analysis. The side-chain oxysterols 25OHC, 27OHC, and 24S-hydroxycholesterol (24SOHC) were actually present in BM in all stages of lactation, but the concentration of 27OHC showed a remarkable peak in colostrum. Antiviral assays revealed that all the colostrum samples contained 27OHC concentrations that were active in vitro against two relevant pediatric viral pathogens: the human rotavirus and the human rhinovirus. Overall, this study discloses new antiviral components of BM and suggests a passive transfer of these protective factors to the infant via breastfeeding, especially in the first few days of lactation.
- Published
- 2019
3. More Efficient Post-quantum KEMTLS with Pre-distributed Public Keys
- Author
- Bertino, E., Schwabe, P., Stebila, D., and Wiggers, T.
- Abstract
ESORICS 2021, Item does not contain fulltext
- Published
- 2021
6. Federated Learning for Coalition Operations
- Author
- Verma, D., Calo, S., Witherspoon, S., Bertino, E., Jabal, A. Abu, Swami, A., Cirincione, G., Julier, S., White, G., de Mel, G., and Pearson, G.
- Abstract
Machine Learning in coalition settings requires combining insights available from data assets and knowledge repositories distributed across multiple coalition partners. In tactical environments, this requires sharing the assets, knowledge and models in a bandwidth-constrained environment, while staying in conformance with the privacy, security and other applicable policies for each coalition member. Federated Machine Learning provides an approach for such sharing. In its simplest version, federated machine learning could exchange training data available among the different coalition members, with each partner deciding which part of the training data from other partners to accept based on the quality and value of the offered data. In a more sophisticated version, coalition partners may exchange models learnt locally, which need to be transformed, accepted in entirety or in part based on the quality and value offered by each model, and fused together into an integrated model. In this paper, we examine the challenges present in creating federated learning solutions in coalition settings, and present the different flavors of federated learning that we have created as part of our research in the DAIS ITA. The challenges addressed include dealing with varying quality of data and models, determining the value offered by the data/model of each coalition partner, addressing the heterogeneity in data representation, labeling and AI model architecture selected by different coalition members, and handling the varying levels of trust present among members of the coalition. We also identify some open problems that remain to be addressed to create a viable solution for federated learning in coalition environments. Comment: Presented at AAAI FSS-19: Artificial Intelligence in Government and Public Sector, Arlington, Virginia, USA
- Published
- 2019
7. HyperSpark: A Data-Intensive Programming Environment for Parallel Metaheuristics
- Author
- Bertino, E., Chang, C. K., Chen, P., Damiani, E., Goul, M., Oyama, K., Ciavotta, M., Krstic, S., Tamburri, D. A., and Van Den Heuvel, W.-J.
- Abstract
Metaheuristics are search procedures used to solve complex, often intractable problems for which other approaches are unsuitable or unable to provide solutions in reasonable times. Although computing power has grown exponentially with the onset of Cloud Computing and Big Data platforms, the domain of metaheuristics has not yet taken full advantage of this new potential. In this paper, we address this gap by proposing HyperSpark, an optimization framework for the scalable execution of user-defined, computationally-intensive heuristics. We designed HyperSpark as a flexible tool meant to harness the benefits (e.g., scalability by design) and features (e.g., a simple programming model or ad-hoc infrastructure tuning) of state-of-the-art big data technology for the benefit of optimization methods. We elaborate on HyperSpark and assess its validity and generality on a library implementing several metaheuristics for the Permutation Flow-Shop Problem (PFSP). We observe that HyperSpark results are comparable with the best tools and solutions from the literature. We conclude that our proof-of-concept shows great potential for further research and practical use.
- Published
- 2019
8. Enteral Nutrition Tolerance and REspiratory Support (ENTARES) Study in preterm infants: Study protocol for a randomized controlled trial
- Author
- Cresi, F., Maggiora, E., Borgione, S. M., Spada, E., Coscia, Emanuele, Bertino, E., Meneghin, F., Corvaglia, L. T., Ventura, M. L., Lista, G., Mosca, F., Orsi, A., Mercadante, D., Martinelli, S., Ilardi, L., Proto, A., Gatto, S., Aceti, A., Sandri, F., Chakrokh, R., Laforgia, N., Di Mauro, A., Baldassarre, M. E., Del Vecchio, A., Petrillo, F., Spalierno, M. P., Raimondi, F., Capasso, L., Palma, M., Farina, D., Campagnoli, M. F., Boetti, T., Logrippo, F., Agosti, M., Morlacchi, L., Perniciaro, S., Dani, C., Elia, S., Vento, Giovanni, Maggio, Luca, Stronati, M., Civardi, E., Lidia, G., Angela, B., Coscia A., Vento G. (ORCID:0000-0002-8132-5127), and Maggio L. (ORCID:0000-0001-6358-7775)
- Abstract
Background: Respiratory distress syndrome (RDS) and feeding intolerance are common conditions in preterm infants and among the major causes of neonatal mortality and morbidity. For many years, preterm infants with RDS have been treated with mechanical ventilation, increasing risks of acute lung injury and bronchopulmonary dysplasia. In recent years non-invasive ventilation techniques have been developed. Showing similar efficacy and risk of bronchopulmonary dysplasia, nasal continuous positive airway pressure (NCPAP) and heated humidified high-flow nasal cannula (HHHFNC) have become the most widespread techniques in neonatal intensive care units. However, their impact on nutrition, particularly on feeding tolerance and risk of complications, is still unknown in preterm infants. The aim of the study is to evaluate the impact of NCPAP vs HHHFNC on enteral feeding and to identify the most suitable technique for preterm infants with RDS. Methods: A multicenter randomized single-blind controlled trial was designed. All preterm infants with a gestational age of 25-29 weeks treated with NCPAP or HHHFNC for RDS and demonstrating stability for at least 48 h along with the compliance with inclusion criteria (age less than 7 days, need for non-invasive respiratory support, suitability to start enteral feeding) will be enrolled in the study and randomized to the NCPAP or HHHFNC arm. All patients will be monitored until discharge, and data will be analyzed according to an intention-to-treat model. The primary outcome is the time to reach full enteral feeding, while parameters of respiratory support, feeding tolerance, and overall health status will be evaluated as secondary outcomes. The sample size was calculated at 141 patients per arm. Discussion: The identification of the most suitable technique (NCPAP vs HHHFNC) for preterm infants with feeding intolerance could reduce gastrointestinal complications, improve growth, and reduce hospital length of stay, thus improving clinica
- Published
- 2019
9. Security and privacy in social networks
- Author
- Xiang, Yang, Bertino, E, and Kutylowski, M
- Published
- 2017
10. International estimated fetal weight standards of the INTERGROWTH-21st Project.
- Author
- Stirnemann, J, Villar, J, Salomon, LJ, Ohuma, E, Ruyan, P, Altman, DG, Nosten, F, Craik, R, Munim, S, Cheikh Ismail, L, Barros, FC, Lambert, A, Norris, S, Carvalho, M, Jaffer, YA, Noble, JA, Bertino, E, Gravett, MG, Purwar, M, Victora, CG, Uauy, R, Bhutta, Z, Kennedy, S, Papageorghiou, AT, International Fetal and Newborn Growth Consortium for the 21st Century (INTERGROWTH-21st), Scientific Advisory Committee, Steering Committees, INTERGROWTH-21st, INTERBIO-21st, Executive Committee, In addition for INTERBIO 21st, Project Coordinating Unit, Data Analysis Group, Data Management Group, Ultrasound Group, In addition for INTERBIO-21st, Anthropometry Group, Laboratory Processing Group, Neonatal Group, Environmental Health Group, Neurodevelopment Group, and Participating countries and local investigators
- Abstract
Objective: Estimated fetal weight (EFW) and fetal biometry are complementary measures used to screen for fetal growth disturbances. Our aim was to provide international EFW standards to complement the INTERGROWTH-21st Fetal Growth Standards that are available for use worldwide. Methods: Women with an accurate gestational-age assessment, who were enrolled in the prospective, international, multicenter, population-based Fetal Growth Longitudinal Study (FGLS) and INTERBIO-21st Fetal Study (FS), two components of the INTERGROWTH-21st Project, had ultrasound scans every 5 weeks from 9-14 weeks' until 40 weeks' gestation. At each visit, measurements of fetal head circumference (HC), biparietal diameter, occipitofrontal diameter, abdominal circumference (AC) and femur length (FL) were obtained blindly by dedicated research sonographers using standardized methods and identical ultrasound machines. Birth weight was measured within 12 h of delivery by dedicated research anthropometrists using standardized methods and identical electronic scales. Live babies without any congenital abnormality, who were born within 14 days of the last ultrasound scan, were selected for inclusion. As most births occurred at around 40 weeks' gestation, we constructed a bootstrap model selection and estimation procedure based on resampling of the complete dataset under an approximately uniform distribution of birth weight, thus enriching the sample size at extremes of fetal sizes, to achieve consistent estimates across the full range of fetal weight. We constructed reference centiles using second-degree fractional polynomial models. Results: Of the overall population, 2404 babies were born within 14 days of the last ultrasound scan. Mean time between the last scan and birth was 7.7 (range, 0-14) days and was uniformly distributed. Birth weight was best estimated as a function of AC and HC (without FL) as log(EFW) = 5.084820 - 54.06633 × (AC/100)^3 - 95.80076 × (AC/100)^3 × log(AC/100) + 3.136370 × (HC/100
- Published
- 2017
11. Private Cell Retrieval from Data Warehouses
- Author
- Yi, X, Paulet, R, Bertino, E, and Xu, G
- Abstract
© 2015 IEEE. Publicly accessible data warehouses are an indispensable resource for data analysis. However, they also pose a significant risk to the privacy of the clients, since a data warehouse operator may follow the client's queries and infer what the client is interested in. Private information retrieval (PIR) techniques allow the client to retrieve a cell from a data warehouse without revealing to the operator which cell is retrieved and, therefore, protects the privacy of the client's queries. However, PIR cannot be used to hide online analytical processing (OLAP) operations performed by the client, which may disclose the client's interest. This paper presents a solution for private cell retrieval from a data warehouse on the basis of the Paillier cryptosystem. By our solution, the client can privately perform OLAP operations on the data warehouse and retrieve one (or more) cell without revealing any information about which cell is selected. In addition, we propose a solution for private block download on the basis of the Paillier cryptosystem. Our private block download allows the client to download an encrypted block from a data warehouse without revealing which block in a cloaking region is downloaded and improves the feasibility of our private cell retrieval. Our solutions ensure both the server's privacy and the client's privacy. Our experiments have shown that our solutions are practical.
- Published
- 2016
13. Robust Aggregation of Inconsistent Information
- Author
- Matei, S, Russell, M, Bertino, E, Ignjatovic, A, Rezvani, M, and Allahbakhsh, M
- Abstract
The volume presents, in a synergistic manner, significant theoretical and practical contributions in the area of social media reputation and authorship measurement, visualization, and modeling.
- Published
- 2015
14. Privacy-Preserving and Content-Protecting Location Based Queries
- Author
- Paulet, R., Kaosar, M.G., Yi, X., and Bertino, E.
- Abstract
In this paper we present a solution to one of the location-based query problems. This problem is defined as follows: (i) a user wants to query a database of location data, known as Points Of Interest (POIs), and does not want to reveal his/her location to the server due to privacy concerns; (ii) the owner of the location data, that is, the location server, does not want to simply distribute its data to all users. The location server desires to have some control over its data, since the data is its asset. We propose a major enhancement upon previous solutions by introducing a two stage approach, where the first step is based on Oblivious Transfer and the second step is based on Private Information Retrieval, to achieve a secure solution for both parties. The solution we present is efficient and practical in many scenarios. We implement our solution on a desktop machine and a mobile device to assess the efficiency of our protocol. We also introduce a security model and analyse the security in the context of our protocol. Finally, we highlight a security weakness of our previous work and present a solution to overcome it.
- Published
- 2014
16. Single-Database private information retrieval from fully homomorphic encryption
- Author
- Yi, X., Kaosar, M.G., Paulet, R., and Bertino, E.
- Abstract
Private Information Retrieval (PIR) allows a user to retrieve the ith bit of an n-bit database without revealing to the database server the value of i. In this paper, we present a PIR protocol with the communication complexity of O(γ log n) bits, where γ is the ciphertext size. Furthermore, we extend the PIR protocol to a private block retrieval (PBR) protocol, a natural and more practical extension of PIR in which the user retrieves a block of bits, instead of retrieving single bit. Our protocols are built on the state-of-the-art fully homomorphic encryption (FHE) techniques and provide privacy for the user if the underlying FHE scheme is semantically secure. The total communication complexity of our PBR is O(γ log m + γn/m) bits, where m is the number of blocks. The total computation complexity of our PBR is O(m log m) modular multiplications plus O(n/2) modular additions. In terms of total protocol execution time, our PBR protocol is more efficient than existing PBR protocols which usually require to compute O(n/2) modular multiplications when the size of a block in the database is large and a high-speed network is available.
- Published
- 2013
17. Comparative eye tracking of experts and novices in web single sign-on
- Author
- Park, J, Bauer, L, Sandhu, R, Bertino, E, Arianezhad, Majid, Camp, L. Jean, Kelley, Timothy, and Stebila, Douglas
- Abstract
Security indicators in web browsers alert users to the presence of a secure connection between their computer and a web server; many studies have shown that such indicators are largely ignored by users in general. In other areas of computer security, research has shown that technical expertise can decrease user susceptibility to attacks. In this work, we examine whether computer or security expertise affects use of web browser security indicators. Our study takes place in the context of web-based single sign-on, in which a user can use credentials from a single identity provider to login to many relying websites; single sign-on is a more complex, and hence more difficult, security task for users. In our study, we used eye trackers and surveyed participants to examine the cues individuals use and those they report using, respectively. Our results show that users with security expertise are more likely to self-report looking at security indicators, and eye-tracking data shows they have longer gaze duration at security indicators than those without security expertise. However, computer expertise alone is not correlated with recorded use of security indicators. In survey questions, neither experts nor novices demonstrate a good understanding of the security consequences of web-based single sign-on.
- Published
- 2013
18. Private data warehouse queries
- Author
- Yi, X, Paulet, R, Bertino, E, and Xu, G
- Abstract
Publicly accessible data warehouses are an indispensable resource for data analysis. But they also pose a significant risk to the privacy of the clients, since a data warehouse operator may follow the client's queries and infer what the client is interested in. Private Information Retrieval (PIR) techniques allow the client to retrieve a cell from a data warehouse without revealing to the operator which cell is retrieved. However, PIR cannot be used to hide OLAP operations performed by the client, which may disclose the client's interest. This paper presents a solution for private data warehouse queries on the basis of the Boneh-Goh-Nissim cryptosystem which allows one to evaluate any multi-variate polynomial of total degree 2 on ciphertexts. By our solution, the client can perform OLAP operations on the data warehouse and retrieve one (or more) cell without revealing any information about which cell is selected. Furthermore, our solution supports some types of statistical analysis on data warehouse, such as regression and variance analysis, without revealing the client's interest. Our solution ensures both the server's security and the client's security. Copyright 2013 ACM.
- Published
- 2013
20. ACM/Springer Mobile Networks and Applications (MONET) special issue on 'Collaborative computing: Networking, applications and worksharing'
- Author
- Joshi, J, Bertino, E, Pu, C, and Ramampiaro, H
- Published
- 2012
22. Cryptographic Key Management for Smart Power Grids - Approaches and Issues
- Author
- Nabeel, M., Zage, J., Kerr, S., Bertino, E., Kulatunga, N. Athula, Navaratne, U. Sudheera, and Duren, M.
- Abstract
The smart power grid promises to improve efficiency and reliability of power delivery. This report introduces the logical components, associated technologies, security protocols, and network designs of the system. Undermining the potential benefits are security threats, and those threats related to cyber security are described in this report. Concentrating on the design of the smart meter and its communication links, this report describes the ZigBee technology and implementation, and the communication between the smart meter and the collector node, with emphasis on security attributes. It was observed that many of the secure features are based on keys that must be maintained; therefore, secure key management techniques become the basis to securing the entire grid. The descriptions of current key management techniques are delineated, highlighting their weaknesses. Finally some initial research directions are outlined.
- Published
- 2012
23. Towards defining semantic foundations for purpose-based privacy policies
- Author
- Sandhu, R, Bertino, E, Jafari, Mohammad, Wong, Philip, Safavi-Naini, Reihaneh, Barker, Ken, and Sheppard, Nicholas
- Abstract
We define a semantic model for purpose, based on which purpose-based privacy policies can be meaningfully expressed and enforced in a business system. The model is based on the intuition that the purpose of an action is determined by its situation among other inter-related actions. Actions and their relationships can be modeled in the form of an action graph which is based on the business processes in a system. Accordingly, a modal logic and the corresponding model checking algorithm are developed for formal expression of purpose-based policies and verifying whether a particular system complies with them. It is also shown through various examples, how various typical purpose-based policies as well as some new policy types can be expressed and checked using our model.
- Published
- 2011
24. Standing on the shoulders of ants: Stigmergy in the web
- Author
- Kumar, R, Bertino, E, and Dipple, Aiden
- Abstract
Stigmergy is a biological term used when discussing insect or swarm behaviour, and describes a model supporting environmental communication separately from artefacts or agents. This phenomenon is demonstrated in the behavior of ants and their food gathering process when following pheromone trails, or similarly termites and their termite mound building process. What is interesting with this mechanism is that highly organized societies are achieved with a lack of any apparent management structure. Stigmergic behavior is implicit in the Web where the volume of users provides a self-organizing and self-contextualization of content in sites which facilitate collaboration. However, the majority of content is generated by a minority of the Web participants. A significant contribution from this research would be to create a model of Web stigmergy, identifying virtual pheromones and their importance in the collaborative process. This paper explores how exploiting stigmergy has the potential of providing a valuable mechanism for identifying and analyzing online user behavior recording actionable knowledge otherwise lost in the existing web interaction dynamics. Ultimately this might assist our building better collaborative Web sites.
- Published
- 2011
25. Guest editors' introduction: Data quality in the Internet era
- Author
- Bertino, E, Maurino, A, and Scannapieco, M
- Published
- 2010
26. Proceedings - 3rd International Conference on Advances in Human-Oriented and Personalized Mechanisms, Technologies and Services, CENTRIC 2010: Preface
- Author
- Dini, P, Hoffmann, M, Klyuev, V, Noll, J, Hariprakash, R, Petersen, F, Bruti, M, Cheng, K, Falk, R, Kumar, A, Bertino, E, Calabretto, S, Bennani, N, Egyed-Zsigmond, E, Viviani, M, Ibne Akram, H, and Lenzini, G
- Published
- 2010
27. Augmenting web service discovery by cognitive semantics and abduction
- Author
- Lim, E, Pasi, G, Berendt, B, Bertino, E, Baeza-Yates, R, Bruza, Peter, Barros, Alistair, and Kaiser, Matthias
- Abstract
We argue that web service discovery technology should help the user navigate a complex problem space by providing suggestions for services which they may not be able to formulate themselves as (s)he lacks the epistemic resources to do so. Free text documents in service environments provide an untapped source of information for augmenting the epistemic state of the user and hence their ability to search effectively for services. A quantitative approach to semantic knowledge representation is adopted in the form of semantic space models computed from these free text documents. Knowledge of the user’s agenda is promoted by associational inferences computed from the semantic space. The inferences are suggestive and aim to promote human abductive reasoning to guide the user from fuzzy search goals into a better understanding of the problem space surrounding the given agenda. Experimental results are discussed based on a complex and realistic planning activity.
- Published
- 2009
28. Mining negative relevance feedback for information filtering
- Author
-
Lim, E P, Pasi, G, Berendt, B, Bertino, E, Baeza-Yates, R, Li, Yuefeng, Algarni, Abdulmohsen, Wu, Sheng-Tang, and Xu, Yue
- Abstract
It is a big challenge to clearly identify the boundary between positive and negative streams. Several attempts have used negative feedback to solve this challenge; however, there are two issues for using negative relevance feedback to improve the effectiveness of information filtering. The first one is how to select constructive negative samples in order to reduce the space of negative documents. The second issue is how to decide noisy extracted features that should be updated based on the selected negative samples. This paper proposes a pattern mining based approach to select some offenders from the negative documents, where an offender can be used to reduce the side effects of noisy features. It also classifies extracted features (i.e., terms) into three categories: positive specific terms, general terms, and negative specific terms. In this way, multiple revising strategies can be used to update extracted features. An iterative learning algorithm is also proposed to implement this approach on RCV1, and substantial experiments show that the proposed approach achieves encouraging performance.
- Published
- 2009
29. Enhancing an incremental clustering algorithm for web page collections
- Author
-
Lim, E, Pasi, G, Berendt, B, Bertino, E, Baeza-Yates, R, Shaw, Gavin, and Xu, Yue
- Abstract
With the size and state of the Internet today, a good quality approach to organizing this mass of information is of great importance. Clustering web pages into groups of similar documents is one approach, but relies heavily on good feature extraction and document representation as well as a good clustering approach and algorithm. Due to the changing nature of the Internet, resulting in a dynamic dataset, an incremental approach is preferred. In this work we propose an enhanced incremental clustering approach to develop a better clustering algorithm that can help to better organize the information available on the Internet in an incremental fashion. Experiments show that the enhanced algorithm outperforms the original histogram based algorithm by up to 7.5%.
- Published
- 2009
30. Believable electronic trading environments on the Web
- Author
-
Baeza-Yates, R, Berendt, B, Bertino, E, Lim, EP, Pasi, G, Debenham, JK, and Simoff, SJ
- Abstract
Contemporary Web-based electronic markets reflect the dominating content-based systems approach of Web 2.0. Though useful, these electronic markets are far from being believable trading places. Marketplace is where things and traders have presence, constituting a rich interaction space. The believability of the place depends on the believability of the presence and interactions in it, including the players' behaviour and the narrative scenarios of the marketplace. This paper discusses what constitutes the believability of electronic marketplaces and presents the technologies that support it. Believability of electronic marketplaces can be described through three metaphors: marketplaces where people are, marketplaces that are alive and engaging, and marketplaces where information is valuable and useful. The paper presents the core technologies that enable the perceivable believability of electronic marketplaces. It describes a demonstrable prototype of a Web-based electronic marketplace that integrates these technologies. This is part of a larger project that aims to make informed automated trading an enjoyable reality of Web 3.0.
- Published
- 2009
31. Probabilistic relational models with relational uncertainty: an early study on web classification
- Author
-
Baeza-Yates, R, Berendt, B, Bertino, E, Lim, EP, Pasi, G, Fersini, E, Archetti, F, Messina, V, FERSINI, ELISABETTA, ARCHETTI, FRANCESCO ANTONIO, and MESSINA, VINCENZINA
- Abstract
In the last decade, new approaches focused on modelling uncertainty over complex relational data have been developed. In this paper one of the most promising of such approaches, known as Probabilistic Relational Models (PRMs), has been investigated and extended in order to measure and include uncertainty over relationships. Our extension, called PRMs with Relational Uncertainty, has been evaluated on real data for web document classification purposes. Experimental results show the potential of the proposed methods for capturing the real "strength" of relationships and the capacity of including this information in the probability model.
- Published
- 2009
32. Believable electronic trading environments on the Web
- Author
-
Baeza-Yates, R, Berendt, B, Bertino, E, Lim, EP, Pasi, G, Debenham, JK, and Simoff, SJ
- Abstract
Contemporary Web-based electronic markets reflect the dominating content-based systems approach of Web 2.0. Though useful, these electronic markets are far from being believable trading places. Marketplace is where things and traders have presence, constituting a rich interaction space. The believability of the place depends on the believability of the presence and interactions in it, including the players' behaviour and the narrative scenarios of the marketplace. This paper discusses what constitutes the believability of electronic marketplaces and presents the technologies that support it. Believability of electronic marketplaces can be described through three metaphors: marketplaces where people are, marketplaces that are alive and engaging, and marketplaces where information is valuable and useful. The paper presents the core technologies that enable the perceivable believability of electronic marketplaces. It describes a demonstrable prototype of a Web-based electronic marketplace that integrates these technologies. This is part of a larger project that aims to make informed automated trading an enjoyable reality of Web 3.0.
- Published
- 2009
33. Mining, ranking, and using acronym patterns
- Author
-
Zhang, Y, Yu, G, Bertino, E, Xu, G, Ji, X, Xu, C, Bailey, J, and Li, H
- Published
- 2008
34. Continuous intersection joins over moving objects
- Author
-
Zhang, R, Lin, D, Ramamohanarao, K, and Bertino, E
- Published
- 2008
35. Formal foundations for hybrid hierarchies in GTRBAC
- Author
-
Joshi, JBD, Bertino, E, Ghafoor, A, and Zhang, Y
- Abstract
A role hierarchy defines permission acquisition and role-activation semantics through role - role relationships. It can be utilized for efficiently and effectively structuring functional roles of an organization having related access-control needs. The focus of this paper is the analysis of hybrid role hierarchies in the context of the generalized temporal role-based access control (GTRBAC) model that allows specification of a comprehensive set of temporal constraints on role, user-role, and role-permission assignments. We introduce the notion of uniquely activable set (UAS) associated with a role hierarchy that indicates the access capabilities of a user resulting from his membership to a role in the hierarchy. Identifying such a role set is essential, while making an authorization decision about whether or not a user should be allowed to activate a particular combination of roles in a single session. We formally show how UAS can be determined for a hybrid hierarchy. Furthermore, within a hybrid hierarchy, various hierarchical relations may be derived between an arbitrary pair of roles. We present a set of inference rules that can be used to generate all the possible derived relations that can be inferred from a specified set of hierarchical relations and show that it is sound and complete. We also present an analysis of hierarchy transformations with respect to role addition, deletion, and partitioning, and show how various cases of these transformations allow the original permission acquisition and role-activation semantics to be managed. The formal results presented here provide a basis for developing efficient security administration and management tools. © 2008 ACM.
- Published
- 2008
36. Formal foundations for hybrid hierarchies in GTRBAC
- Author
-
Joshi, JBD, Bertino, E, Ghafoor, A, and Zhang, Y
- Abstract
A role hierarchy defines permission acquisition and role-activation semantics through role - role relationships. It can be utilized for efficiently and effectively structuring functional roles of an organization having related access-control needs. The focus of this paper is the analysis of hybrid role hierarchies in the context of the generalized temporal role-based access control (GTRBAC) model that allows specification of a comprehensive set of temporal constraints on role, user-role, and role-permission assignments. We introduce the notion of uniquely activable set (UAS) associated with a role hierarchy that indicates the access capabilities of a user resulting from his membership to a role in the hierarchy. Identifying such a role set is essential, while making an authorization decision about whether or not a user should be allowed to activate a particular combination of roles in a single session. We formally show how UAS can be determined for a hybrid hierarchy. Furthermore, within a hybrid hierarchy, various hierarchical relations may be derived between an arbitrary pair of roles. We present a set of inference rules that can be used to generate all the possible derived relations that can be inferred from a specified set of hierarchical relations and show that it is sound and complete. We also present an analysis of hierarchy transformations with respect to role addition, deletion, and partitioning, and show how various cases of these transformations allow the original permission acquisition and role-activation semantics to be managed. The formal results presented here provide a basis for developing efficient security administration and management tools. © 2008 ACM.
- Published
- 2008
37. Progress in WWW Research and Development, 10th Asia-Pacific Web Conference, APWeb 2008, Shenyang, China, April 26-28, 2008. Proceedings
- Author
-
Zhang, Y, Yu, G, Bertino, E, and Xu, G
- Published
- 2008
38. Progress in WWW Research and Development, 10th Asia-Pacific Web Conference, APWeb 2008, Shenyang, China, April 26-28, 2008. Proceedings
- Author
-
Zhang, Y, Yu, G, Bertino, E, and Xu, G
- Published
- 2008
39. X-GTRBAC: An XML-based policy specification framework and architecture for enterprise-wide access control
- Author
-
Bhatti, R, Ghafoor, A, Bertino, E, and Joshi, JBD
- Abstract
Modern day enterprises exhibit a growing trend toward adoption of enterprise computing services for efficient resource utilization, scalability, and flexibility. These environments are characterized by heterogeneous, distributed computing systems exchanging enormous volumes of time-critical data with varying levels of access control in a dynamic business environment. The enterprises are thus faced with significant challenges as they endeavor to achieve their primary goals, and simultaneously ensure enterprise-wide secure interoperation among the various collaborating entities. Key among these challenges are providing effective mechanism for enforcement of enterprise policy across distributed domains, ensuring secure content-based access to enterprise resources at all user levels, and allowing the specification of temporal and nontemporal context conditions to support fine-grained dynamic access control. In this paper, we investigate these challenges, and present X-GTRBAC, an XML-based GTRBAC policy specification language and its implementation for enforcing enterprise-wide access control. Our specification language is based on the GTRBAC model that incorporates the content- and context-aware dynamic access control requirements of an enterprise. An X-GTRBAC system has been implemented as a Java application. We discuss the salient features of the specification language, and present the software architecture of our system. A comprehensive example is included to discuss and motivate the applicability of the X-GTRBAC framework to a generic enterprise environment. An application level interface for implementing the policy in the X-GTRBAC system is also provided to consolidate the ideas presented in the paper. © 2005 ACM.
- Published
- 2005
40. X-GTRBAC: An XML-based policy specification framework and architecture for enterprise-wide access control
- Author
-
Bhatti, R, Ghafoor, A, Bertino, E, and Joshi, JBD
- Abstract
Modern day enterprises exhibit a growing trend toward adoption of enterprise computing services for efficient resource utilization, scalability, and flexibility. These environments are characterized by heterogeneous, distributed computing systems exchanging enormous volumes of time-critical data with varying levels of access control in a dynamic business environment. The enterprises are thus faced with significant challenges as they endeavor to achieve their primary goals, and simultaneously ensure enterprise-wide secure interoperation among the various collaborating entities. Key among these challenges are providing effective mechanism for enforcement of enterprise policy across distributed domains, ensuring secure content-based access to enterprise resources at all user levels, and allowing the specification of temporal and nontemporal context conditions to support fine-grained dynamic access control. In this paper, we investigate these challenges, and present X-GTRBAC, an XML-based GTRBAC policy specification language and its implementation for enforcing enterprise-wide access control. Our specification language is based on the GTRBAC model that incorporates the content- and context-aware dynamic access control requirements of an enterprise. An X-GTRBAC system has been implemented as a Java application. We discuss the salient features of the specification language, and present the software architecture of our system. A comprehensive example is included to discuss and motivate the applicability of the X-GTRBAC framework to a generic enterprise environment. An application level interface for implementing the policy in the X-GTRBAC system is also provided to consolidate the ideas presented in the paper. © 2005 ACM.
- Published
- 2005
41. A generalized temporal role-based access control model
- Author
-
Joshi, JBD, Bertino, E, Latif, U, and Ghafoor, A
- Abstract
Role-based access control (RBAC) models have generated a great interest in the security community as a powerful and generalized approach to security management. In many practical scenarios, users may be restricted to assume roles only at predefined time periods. Furthermore, roles may only be invoked on prespecified intervals of time depending upon when certain actions are permitted. To capture such dynamic aspects of a role, a temporal RBAC (TRBAC) model has been recently proposed. However, the TRBAC model addresses the role enabling constraints only. In this paper, we propose a Generalized Temporal Role-Based Access Control (GTRBAC) model capable of expressing a wider range of temporal constraints. In particular, the model allows expressing periodic as well as duration constraints on roles, user-role assignments, and role-permission assignments. In an interval, activation of a role can further be restricted as a result of numerous activation constraints including cardinality constraints and maximum active duration constraints. The GTRBAC model extends the syntactic structure of the TRBAC model and its event and trigger expressions subsume those of TRBAC. Furthermore, GTRBAC allows expressing role hierarchies and separation of duty (SoD) constraints for specifying fine-grained temporal semantics. © 2005 IEEE.
- Published
- 2005
42. Secure interoperation in a multidomain environment employing RBAC policies
- Author
-
Shafiq, B, Joshi, JBD, Bertino, E, and Ghafoor, A
- Abstract
Multidomain application environments where distributed multiple organizations interoperate with each other are becoming a reality as witnessed by emerging Internet-based enterprise applications. Composition of a global coherent security policy that governs information and resource accesses in such environments is a challenging problem. In this paper, we propose a policy integration framework for merging heterogeneous Role-Based Access Control (RBAC) policies of multiple domains into a global access control policy. A key challenge in composition of this policy is the resolution of conflicts that may arise among the RBAC policies of individual domains. We propose an integer programming (IP)-based approach for optimal resolution of such conflicts. The optimality criterion is to maximize interdomain role accesses without exceeding the autonomy losses beyond the acceptable limit. © 2005 IEEE.
- Published
- 2005
43. A generalized temporal role-based access control model
- Author
-
Joshi, JBD, Bertino, E, Latif, U, and Ghafoor, A
- Abstract
Role-based access control (RBAC) models have generated a great interest in the security community as a powerful and generalized approach to security management. In many practical scenarios, users may be restricted to assume roles only at predefined time periods. Furthermore, roles may only be invoked on prespecified intervals of time depending upon when certain actions are permitted. To capture such dynamic aspects of a role, a temporal RBAC (TRBAC) model has been recently proposed. However, the TRBAC model addresses the role enabling constraints only. In this paper, we propose a Generalized Temporal Role-Based Access Control (GTRBAC) model capable of expressing a wider range of temporal constraints. In particular, the model allows expressing periodic as well as duration constraints on roles, user-role assignments, and role-permission assignments. In an interval, activation of a role can further be restricted as a result of numerous activation constraints including cardinality constraints and maximum active duration constraints. The GTRBAC model extends the syntactic structure of the TRBAC model and its event and trigger expressions subsume those of TRBAC. Furthermore, GTRBAC allows expressing role hierarchies and separation of duty (SoD) constraints for specifying fine-grained temporal semantics. © 2005 IEEE.
- Published
- 2005
44. Secure interoperation in a multidomain environment employing RBAC policies
- Author
-
Shafiq, B, Joshi, JBD, Bertino, E, and Ghafoor, A
- Abstract
Multidomain application environments where distributed multiple organizations interoperate with each other are becoming a reality as witnessed by emerging Internet-based enterprise applications. Composition of a global coherent security policy that governs information and resource accesses in such environments is a challenging problem. In this paper, we propose a policy integration framework for merging heterogeneous Role-Based Access Control (RBAC) policies of multiple domains into a global access control policy. A key challenge in composition of this policy is the resolution of conflicts that may arise among the RBAC policies of individual domains. We propose an integer programming (IP)-based approach for optimal resolution of such conflicts. The optimality criterion is to maximize interdomain role accesses without exceeding the autonomy losses beyond the acceptable limit. © 2005 IEEE.
- Published
- 2005
45. X-GTRBAC: An XML-based policy specification framework and architecture for enterprise-wide access control
- Author
-
Bhatti, R, Ghafoor, A, Bertino, E, and Joshi, JBD
- Abstract
Modern day enterprises exhibit a growing trend toward adoption of enterprise computing services for efficient resource utilization, scalability, and flexibility. These environments are characterized by heterogeneous, distributed computing systems exchanging enormous volumes of time-critical data with varying levels of access control in a dynamic business environment. The enterprises are thus faced with significant challenges as they endeavor to achieve their primary goals, and simultaneously ensure enterprise-wide secure interoperation among the various collaborating entities. Key among these challenges are providing effective mechanism for enforcement of enterprise policy across distributed domains, ensuring secure content-based access to enterprise resources at all user levels, and allowing the specification of temporal and nontemporal context conditions to support fine-grained dynamic access control. In this paper, we investigate these challenges, and present X-GTRBAC, an XML-based GTRBAC policy specification language and its implementation for enforcing enterprise-wide access control. Our specification language is based on the GTRBAC model that incorporates the content- and context-aware dynamic access control requirements of an enterprise. An X-GTRBAC system has been implemented as a Java application. We discuss the salient features of the specification language, and present the software architecture of our system. A comprehensive example is included to discuss and motivate the applicability of the X-GTRBAC framework to a generic enterprise environment. An application level interface for implementing the policy in the X-GTRBAC system is also provided to consolidate the ideas presented in the paper. © 2005 ACM.
- Published
- 2005
46. PDL with preferences
- Author
-
Bertino, E, Mileo, A, Provetti, A, Provetti, A., and MILEO, ALESSANDRA
- Abstract
In the context of Network management, Chomicki, Lobo and Naqvi have defined the specification language Policy Description Language (PDL) and later extended it by introducing monitors: constraints on the actions that the network manager can execute simultaneously. This article proposes PPDL, an extension of PDL with Preferences, that allows the specification of user-defined preferences on how to apply monitors. The new language adopts Brewka's approach to preferences introducing the "x" ordered disjunction connective. We illustrate the feature of PPDL in two interesting application examples: i) the specification of "separation of duties" constraints on user/role assignments in a workflow scenario and ii) an architecture for Web services selection. Since PPDL (as well as PDL) policy specifications can be computed by means of translation into Answer Set programs, we are able to provide an integrated framework based on answer set programming inferential engine. © 2005 IEEE.
- Published
- 2005
47. Access-control language for multidomain environments
- Author
-
Joshi, JBD, Bhatti, R, Bertino, E, and Ghafoor, A
- Abstract
The XML Role-Based Access Control (X-RBAC) specification language addresses multidomain environments' policy-specification needs. X-RBAC is based on an extension of the widely accepted US National Institute of Standards and Technology role-based access-control (RBAC) model. In addition to allowing specification of RBAC policies and facilitating specification of timing constraints on roles and access requirements, X-RBAC provides a framework for specifying mediation policies in a multidomain environment where RBAC policies have been employed. © 2004 IEEE.
- Published
- 2004
48. X-GTRBAC admin: A decentralized administration model for enterprise wide access control
- Author
-
Bhatti, R, Joshi, JBD, Bertino, E, and Ghafoor, A
- Abstract
Access control in enterprises is a key research area in the realm of Computer Security because of the unique needs of the target enterprise. As the enterprise typically has large user and resource pools, administering the access control based on any framework could in itself be a daunting task. This work presents X-GTRBAC Admin, an administration model that aims at enabling policy administration within a large enterprise. In particular, it simplifies the process of user-to-role and permission-to-role assignments, and thus allows decentralization of the policy administration tasks. Secondly, it also allows for specifying the domain of authority of the system administrators, and hence provides mechanism to distribute the administrative authority over multiple domains within the enterprise. The paper also illustrates the applicability of the administrative concepts presented in our framework for enterprise-wide access control.
- Published
- 2004
49. Access-control language for multidomain environments
- Author
-
Joshi, JBD, Bhatti, R, Bertino, E, and Ghafoor, A
- Abstract
The XML Role-Based Access Control (X-RBAC) specification language addresses multidomain environments' policy-specification needs. X-RBAC is based on an extension of the widely accepted US National Institute of Standards and Technology role-based access-control (RBAC) model. In addition to allowing specification of RBAC policies and facilitating specification of timing constraints on roles and access requirements, X-RBAC provides a framework for specifying mediation policies in a multidomain environment where RBAC policies have been employed. © 2004 IEEE.
- Published
- 2004
50. X-GTRBAC admin: A decentralized administration model for enterprise wide access control
- Author
-
Bhatti, R, Joshi, JBD, Bertino, E, and Ghafoor, A
- Abstract
Access control in enterprises is a key research area in the realm of Computer Security because of the unique needs of the target enterprise. As the enterprise typically has large user and resource pools, administering the access control based on any framework could in itself be a daunting task. This work presents X-GTRBAC Admin, an administration model that aims at enabling policy administration within a large enterprise. In particular, it simplifies the process of user-to-role and permission-to-role assignments, and thus allows decentralization of the policy administration tasks. Secondly, it also allows for specifying the domain of authority of the system administrators, and hence provides mechanism to distribute the administrative authority over multiple domains within the enterprise. The paper also illustrates the applicability of the administrative concepts presented in our framework for enterprise-wide access control.
- Published
- 2004