Privacy and Security (TOPS)




ACM Transactions on Information and System Security (TISSEC), Volume 13 Issue 3, July 2010

Editorial ESORICS 2007
Joachim Biskup, Javier Lopez
Article No.: 19
DOI: 10.1145/1805974.1805975

A logic for state-modifying authorization policies
Moritz Y. Becker, Sebastian Nanz
Article No.: 20
DOI: 10.1145/1805974.1805976

Administering and maintaining access control systems is a challenging task, especially in environments with complex and changing authorization requirements. A number of authorization logics have been proposed that aim at simplifying access control...

Security of multithreaded programs by compilation
Gilles Barthe, Tamara Rezk, Alejandro Russo, Andrei Sabelfeld
Article No.: 21
DOI: 10.1145/1805974.1805977

End-to-End security of mobile code requires that the code neither intentionally nor accidentally propagates sensitive information to an adversary. Although mobile code is commonly multithreaded low-level code, there lack enforcement mechanisms...

Combining fragmentation and encryption to protect privacy in data storage
Valentina Ciriani, Sabrina De Capitani Di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, Pierangela Samarati
Article No.: 22
DOI: 10.1145/1805974.1805978

The impact of privacy requirements in the development of modern applications is increasing very quickly. Many commercial and legal regulations are driving the need to develop reliable solutions for protecting sensitive information whenever it is...

Editorial SACMAT 2007
Bhavani Thuraisingham
Article No.: 23
DOI: 10.1145/1805974.1805979

Privacy-aware role-based access control
Qun Ni, Elisa Bertino, Jorge Lobo, Carolyn Brodie, Clare-Marie Karat, John Karat, Alberto Trombeta
Article No.: 24
DOI: 10.1145/1805974.1805980

In this article, we introduce a comprehensive framework supporting a privacy-aware access control mechanism, that is, a mechanism tailored to enforce access control to data containing personally identifiable information and, as such, privacy...

On the consistency of distributed proofs with hidden subtrees
Adam J. Lee, Kazuhiro Minami, Marianne Winslett
Article No.: 25
DOI: 10.1145/1805974.1805981

Previous work has shown that distributed authorization systems that fail to sample a consistent snapshot of the underlying system during policy evaluation are vulnerable to a number of attacks. Unfortunately, the consistency enforcement solutions...

A logical specification and analysis for SELinux MLS policy
Boniface Hicks, Sandra Rueda, Luke St.Clair, Trent Jaeger, Patrick McDaniel
Article No.: 26
DOI: 10.1145/1805874.1805982

The SELinux mandatory access control (MAC) policy has recently added a multilevel security (MLS) model which is able to express a fine granularity of control over a subject's access rights. The problem is that the richness of the SELinux MLS model...

The role mining problem: A formal perspective
Jaideep Vaidya, Vijayalakshmi Atluri, Qi Guo
Article No.: 27
DOI: 10.1145/1805974.1805983

Devising a complete and correct set of roles has been recognized as one of the most important and challenging tasks in implementing role-based access control. A key problem related to this is the notion of goodness/interestingness—when is a...

A framework to enforce access control over data streams
Barbara Carminati, Elena Ferrari, Jianneng Cao, Kian Lee Tan
Article No.: 28
DOI: 10.1145/1805974.1805984

Although access control is currently a key component of any computational system, it is only recently that mechanisms to guard against unauthorized access to streaming data have started to be investigated. To cope with this lack, in this article,...