Pietro Mazzoleni scite author profile

XACML is the OASIS standard language specifically aimed at the specification of authorization policies. While XACML fits well with the security requirements of a single enterprise (even if large and composed by multiple departments), it does not address the requirements of virtual enterprises in which several autonomous subjects collaborate by sharing their resources to provide better services to customers. In this article we highlight such limitation, and we propose an XACML extension, the policy integration algorithms, to address them. In the article we also present the implementation of a system that makes use of the policy integration algorithms to securely replicate information in a P2P-like environment. In our solution, the data replication process considers the policies specified by both the owners of the data shared and the peers sharing data storage.

show abstract

XACML policy integration algorithms

Mazzoleni

Bertino

Crispo

et al. 2006

View full text Add to dashboard Cite

A Chinese wall security model for decentralized workflow systems

Atluri¹,

Chun²,

Mazzoleni³

2001

View full text Add to dashboard Cite

Uniform Indexing for Geospatial Data and Authorizations

Atluri

Mazzoleni²

2003

View full text Add to dashboard Cite

High-resolution satellites are promising technologies to bolster global transparency by providing unprecedented access to accurate and timely information. A significant number in this satellite fleet are owned by private organizations, which can collect images of human activities and the environment, and make them commercially available around the globe. Uncontrolled dissemination of this information may have grave implications on national security and personal privacy, as some governments and private groups may exploit this information for aggressive purposes. Formal policies for prohibiting the release of imagery beyond a certain resolution, and notifying when an image crosses an international boundary or when such a request is made, are beginning to emerge. As such, there is a need for effective and efficient schemes for facilitating controlled dissemination of satellite imagery and the information products generated from it. Unlike conventional authorizations that can be implemented as access control lists, since authorizations on geospatial imagery involve spatial attributes, managing the authorization base and searching for authorizations based on the spatial extent require a spatial indexing structure. An access request thus requires a search on two index structures, one for the authorizations, and the other for the image database. In this paper, we propose an indexing structure, called RMXquadtree, that is capable of indexing multi-resolution satellite imagery and additionally allow representing authorizations on top of it. By employing a uniform index for both image database and authorization base, access requests can be processed more efficiently as only one index structure need to be traversed. We demonstrate how authorizations with privilege modes such as view and zoom-in can be implemented using the RMX -quadtree.

show abstract

Towards a Fine-Grained Access Control Model and Mechanisms for Semantic Databases

Franzoni

Mazzoleni

Valtolina

et al. 2007

View full text Add to dashboard Cite

A growing number of domains are adopting semantic models as a centralized gateway to heterogeneous data sources, or directly for modeling and managing relevant information. In such contexts, it is crucial to grant access to the semantic model and its data only to the authorized users. In this paper, we present a fine-grained access control model specifically tailored to semantic models. One of the relevant features of the model is the granularity of the resources that can be protected. Access control can be enforced at the level of both the model's concepts and the concepts' instances by means of a query rewriting strategy. The proposed model has been implemented adopting the XACML standard and the SeRQL query language; services exposed by the implementation can be used to transparetly integrate authorization into existing systems.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.