Enforcing Role-Based Access Control Policies in Web Services with UML and OCL (2009)
Karsten Sohr, Tanveer Mustafa, Xinyu Bao, Gail-joon Ahn
Role-based access control (RBAC) is a powerful means for laying out higher-level organizational policies such as separation of duty, and for simplifying the security management process. One of the...
Towards Realizing a Formal RBAC Model in Real Systems (2008)
There still exists an open question on how formal models can be fully realized in the system development phase. The Model Driven Development (MDD) approach has been recently introduced to deal with...
Analyzing and Managing Role-Based Access Control Policies (2008)
Karsten Sohr, Michael Drouineaud, Gail-joon Ahn, Martin Gogolla
Today more and more security-relevant data is stored on computer systems; security-critical business processes are mapped to their digital counterparts. This situation applies to various domains such...
Lawrence Teo, Gail-joon Ahn, Yuliang Zheng
Traditional network security technologies such as firewalls and intrusion detection systems usually work according to a static ruleset only. We believe that a better approach to network security can...
Intrusion Detection Force: An Infrastructure For Internet-Scale Intrusion Detection (2008)
Lawrence Teo, Yuliang Zheng, Gail-joon Ahn
Intrusion Detection Systems (IDSs) are usually deployed within the confines of an organization. There is usually no exchange of information between an IDS in one organization with those in other...
Collecting and Analyzing Bots in a Systematic Honeynet-based Testbed Environment (2008)
Napoleon C. Paxton, Gail-joon Ahn, Richard Kelly, Kevin Pearson, Bei-tseng Chu
Abstract- Networks of compromised machines called botnets are one of the most threatening adversaries over the Internet due in large part to the difficulty of identifying botnet traffic patterns. We...
Infrastructures: The DITSCAP Automation Study (2008)
Seok Won Lee, Gail-joon Ahn, Robin A. G, Copyright Seok, Won Lee, Gail-joon Ahn, ...
Abstract. Recent advances in information technology have transformed the way in which mission-critical services get delivered and are evaluated today. These services are heavily and increasingly...
Role-based Authorization Constraints Specification Using Object Constraint Language (2008)
Rbac Taskforce, Steve Wagner, Mike Davis Cissp, Coyne Phd, Sepideh Khosravifar, Suzanne Webb, ...
University Per Ahn and Shin, the purpose of access control is to limit the actions on a computer system that a legitimate user can perform. Role-based access control or “RBAC, ” has generated...
Role-based Privilege and Trust Management (2008)
Abstract. The Internet provides tremendous connectivity and information sharing capability which organizations can use for their competitive advantage. However, we still observe security challenges...
Certification Infrastructure (2008)
Dongwan Shin, Gail-joon Ahn, Sangrae Cho
As web-based applications are prevailing, enterprises have an urgent need of a unified mechanism to support authentication and authorization for the resources that their web-based applications...
Decentralized Group Hierarchies in UNIX: An Experiment and Lessons Learned (2008)
ABSTRACT Unix includes a simple group mechanism for access control. In this paper we describe an experiment to extend this mechanism in two signi cant ways that are valuable in managing group-based...
Access Control Management for SCADA Systems (2008)
HONG, Seng-Phil, AHN, Gail-Joon, XU, Wenjuan
The information technology revolution has transformed all aspects of our society including critical infrastructures and led a significant shift from their old and disparate business models based on...
Decentralized User Group Assignment in Windows NT (2007)
The notion of groups in Windows NT is much like that in other operating systems. Rather than set user and le rights individually for each and every user, the administrator can give rights to various...
Joon S. Park, Gail-joon Ahn, Ravi Sandhu
sandhuCgmu.edu This paper gives a framework for how to leverage Lightweight Directory Access Protocol (LDAP) to implement Role-based Access Control (RBAC) on the Web in the server-pull architecture....
Specification and validation of authorisation constraints using UML and OCL (2005)
Karsten Sohr, Gail-joon Ahn, Martin Gogolla, Lars Migge
Abstract. Authorisation constraints can help the policy architect design and express higher-level security policies for organisations such as financial institutes or governmental agencies. Although...
Role-based authorization constraints specification (2000)
The purpose of access control is to limit the actions on a computer system that a legitimate user can perform. The role-based access control (RBAC) has generated great interest in the security...
Role-based authorization constraints specification (2000)
Constraints are an important aspect of role-based access control (RBAC) and are often regarded as one of the principal motivations behind RBAC. Although the importance of constraints in RBAC has been...
Injecting RBAC to Secure a Web-based Workflow System (2000)
Gail-joon Ahn, Ravi Sandhu, Myong Kang, Joon Park
Web-based workflow systems have recently received much attention because they can support dynamic business processes over heterogeneous computing systems. Most existing web-based workflow systems,...
Injecting RBAC to Secure a Web-based Workflow System (2000)
Gail-joon Ahn, Ravi Sandhu, Ravi S, Myong Kang, Joon Park
Web-based workflow systems have recently received much attention because they can support dynamic business processes over heterogeneous computing systems. Most existing web-based workflow systems,...
Role-based authorization constraints specification (2000)
Gail-joon Ahn, Michael E. Shin
Augmenting the access control model with expressions ensures that no access right is leaked to an authorized user. Constraints are an important aspect of role-based access control (RBAC). And the...
Role-based authorization constraints specification (2000)
Constraints are an important aspect of role-based access control (RBAC) and are often regarded as one of the principal motivations behind RBAC. Although the importance of constraints in RBAC has been...
The RSL99 Language for Role-Based Separation of Duty Constraints (1999)
Gail-joon Ahn, Ravi Sandhu, Ravi S
Separation of duty (SOD) is a fundamental technique for prevention of fraud and errors, known and practiced long before the existence of computers. It is discussed at several places in the...
The RSL99 Language for Role-Based Separation of Duty Constraints (1999)
Gail-joon Ahn, Ravi Sandhu, Ravi S
Separation of duty #SOD# is a fundamental technique for prevention of fraud and errors, known and practiced long before the existence of computers. It is discussed at several places in the...
The RSL99 language for role-based separation of duty constraints (1999)
Separation of duty (SOD) is a fundamental technique for prevention of fraud and errors, known and practiced long before the existence of computers. It is discussed at several places in the...
Decentralized Group Hierarchies in UNIX: An Experiment and Lessons Learned (1998)
Ravi Sandhu And, Ravi S, Gail-joon Ahn
Unix includes a simple group mechanism for access control. In this paper we describe an experiment to extend this mechanism in two signi#cant ways that are valuable in managing group-based access...
Decentralized Group Hierarchies in UNIX: An Experiment and Lessons Learned (1998)
Ravi Sandhu, Ravi S, Gail-joon Ahn
Unix includes a simple group mechanism for access control. In this paper we describe an experiment to extend this mechanism in two significant ways that are valuable in managing group-based access...
Group Hierarchies With Decentralized User Assignment In Windows NT (1998)
The notion of groups in Windows NT is much like that in other operating systems. Rather than set user and file rights individually for each and every user, the administrator can give rights to...
Portable User-Centric Identity Management (1970)
User-centric identity management has recently received significant attention for handling private and critical identity attributes. The notable idea of usercentric identity management allows users to...