A visualization tool for evaluating access control policies in facebook-style social network systems

Anwar, Mohd; Fong, Philip W. L.

doi:10.1145/2245276.2232007

Cited by 33 publications

(41 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Regarding now the use of visual tools, this work [21] shows that users perform more accurate access control policy analysis with social network's style visualization tools, than without them. Such a strategy may be of use in PACVIM, because it is difficult for a user to mentally keep track of the topology of his/her constantly changing healthcare EHR network.…”

Section: Related Workmentioning

confidence: 93%

Envisioning secure and usable access control for patients

Ferreira

Lenzini

Santos-Pereira

et al. 2014

2014 IEEE 3nd International Conference on Serious Games and Applications for Health (SeGAH)

View full text Add to dashboard Cite

Abstract-Several pilot tests show that patients who are able to access their Electronic Health Records (EHR), become more responsible and involved in the maintenance of their health. However, despite technologically feasible and legally possible, there is no validated or standardized toolset available yet, for patients to review and manage their EHR. Many privacy, security and usability issues must be solved first before this practice can be made mainstream. This paper proposes and discusses the design of an access control visual application that addresses most of these issues, and offers patients a secure, controlled and easy access to their EHR.

show abstract

Section: Related Workmentioning

confidence: 93%

Envisioning secure and usable access control for patients

Ferreira

Lenzini

Santos-Pereira

et al. 2014

2014 IEEE 3nd International Conference on Serious Games and Applications for Health (SeGAH)

View full text Add to dashboard Cite

show abstract

“…of what has come to be known as relational policies [1]. We demonstrate, in Section 2, that a number of relational policies previously studied in the context of Facebook-style Social Network Systems [18] cannot be expressed in the policy language of Fong.…”

Section: A Distinguished Feature Of Rebac Is Its Extensive Usementioning

confidence: 99%

“…In an unpublished manuscript [1], Anwar et al identify a family of policies, called relational policies, the use of which distinguishes ReBAC from traditional access control paradigms. Intuitively, a relational policy is special in two ways.…”

Section: Relational Policiesmentioning

confidence: 99%

Relationship-based access control policies and their policy languages

Fong

Siahaan

2011

Proceedings of the 16th ACM Symposium on Access Control Models and Technologies

133

View full text Add to dashboard Cite

The Relationship-Based Access Control (ReBAC) model was recently proposed as a general-purpose access control model. It supports the natural expression of parameterized roles, the composition of policies, and the delegation of trust. Fong proposed a policy language that is based on Modal Logic for expressing and composing ReBAC policies. A natural question is whether such a language is representationally complete, that is, whether the language is capable of expressing all ReBAC policies that one is interested in expressing.In this work, we argue that the extensive use of what we call Relational Policies is what distinguishes ReBAC from traditional access control models. We show that Fong's policy language is representationally incomplete in that certain previously studied Relational Policies are not expressible in the language. We introduce two extensions to the policy language of Fong, and prove that the extended policy language is representationally complete with respect to a well-defined subclass of Relational Policies.

show abstract

“…Other research efforts provide users with tools that support them in comprehending and configuring access control policies [Rode et al 2006;Reeder et al 2008;Schlegel et al 2011;Anwar and Fong 2012]. The main difference among these tools is the type of visualization used to represent the policies.…”

Section: Usability and Transparencymentioning

confidence: 99%

“…1: Interactive interfaces for Policy Comprehension category (e.g., colleague, friend) to which the user belongs is revealed, while the identity of the user is kept private. Anwar and Fong [2012] adopt a mirror-looking metaphor where a profile owner is given a visual representation of its neighborhood. In particular, it can select a user and examine its profile from the perspective of the selected user.…”

Section: Usability and Transparencymentioning

confidence: 99%

Survey on Access Control for Community-Centered Collaborative Systems

2018

View full text Add to dashboard Cite

The last decades have seen a growing interest and demand for community-centered collaborative systems and platforms. These systems and platforms aim to provide an environment in which users can collaboratively create, share and manage resources. While offering attractive opportunities for online collaboration and information sharing, they also open several security and privacy issues. This has attracted several research efforts towards the design and implementation of novel access control solutions that can handle the complexity introduced by collaboration. Despite these efforts, transition to practice has been hindered by the lack of maturity of the proposed solutions. The access control mechanisms typically adopted by commercial collaborative systems like online social network websites and collaborative editing platforms, are still rather rudimentary and do not provide users with a sufficient control over their resources. This survey examines the growing literature on access control for collaborative systems centered on communities, and identifies the main challenges to be addressed in order to facilitate the adoption of collaborative access control solutions in real-life settings. Based on the literature study, we delineate a roadmap for future research in the area of access control for community-centered collaborative systems.

show abstract

A visualization tool for evaluating access control policies in facebook-style social network systems

Cited by 33 publications

References 22 publications

Envisioning secure and usable access control for patients

Envisioning secure and usable access control for patients

Relationship-based access control policies and their policy languages

Survey on Access Control for Community-Centered Collaborative Systems

Contact Info

Product

Resources

About