We extend a particular access control framework, the Privilege Calculus, with the possibility of overriding denied access, for increased flexibility in hard-to-define or unanticipated situations. We require the overrides to be audited and approved by appropriate managers. In order to automatically find the authorities who are able to approve an override, we present an algorithm for authority resolution. We are able to calculate from the access control policy who can approve an override without the need for any additional information.
In a networked environment, information needs to be protected. Authorization and access control systems have therefore been studied in the field of computer security for a long time, and as a result many access control mechanisms have been developed. Most of these mechanisms focused on how to define users' rights in a precise way to prevent any violation of the access control policy. To some degree, classical access control models are not flexible: they either permit access or deny it completely. The access control decision is made on the assumption that all access needs are known in advance and that these needs can be expressed in machine-readable code. In many situations it is hard to predefine all the access needs, or even to express them in machine-readable code. One example of such a situation is an emergency, which cannot be predicted. Discretionary overriding of access control is one way of handling such hard-to-define and unanticipated situations. The override mechanism gives the subject of the access control policy the possibility of overriding the deny decision, provided that the subject confirms the access (at his discretion), the access is logged for auditing, and a notification is sent to the responsible authority. Since the override mechanism covers more access needs and helps in writing a complete access control policy, the goal here is to introduce this mechanism in a standard way, which will make it applicable to a wide range of applications and suitable for distributed systems where a common access control language is needed. In this thesis, discretionary overriding of access control has been introduced in the standardized framework of the eXtensible Access Control Markup Language (XACML), which gives a common language for expressing access control mechanisms. XACML has been extended to support the override mechanism.
The override has been introduced as an XACML obligation, and since XACML lacks a defined way of combining obligations, a new obligations-combining algorithm has been proposed. The proposed solution provides a general way of combining XACML obligations that can be used to create a chain of obligations-combining algorithms, each with its own purpose and particular type of obligations. As a proof of concept, the general solution has been implemented using Sun Microsystems' open-source implementation of XACML. This helps in checking whether the solution gives the intended result and whether it works properly with different XACML components.
Administration of an access control model deals with the question of who is authorized to update policies defined on the basis of that model. One of the models whose administration has attracted a relatively large amount of research is the Role-Based Access Control (RBAC) model. All the existing role-based administrative models fall into the category of the administrator-based decentralized approach. In such an approach, a group of administrators is given, firstly, the authority to update authorizations for operative roles and, secondly, the authority to delegate that right to other lower-level administrators. However, in organizations with an informal and flexible structure, such as academic and research-oriented organizations, such a sharp distinction between administrative roles and operative roles might not exist. Here, each role may take part in both operative and administrative decisions, such that more mission-oriented decisions are made by senior roles and more specialized-level decisions are made by junior roles. In this paper, we study a new class of access control model called Owner-Based Role-Based Access Control (OB-RBAC), which is suitable for such environments. The OB-RBAC model utilizes the advantages of both Discretionary Access Control (DAC) and RBAC. In particular, the OB-RBAC model builds a policy model which not only fulfills the organizational restrictions but also enjoys the flexible administration of the DAC model.