
Data and Applications Security Developments and Directions

This lecture discusses access control policies for data and applications security, including policies addressing confidentiality, privacy, and trust. It explores various models like Role-Based Access Control (RBAC), UCON, and DCON, and provides examples of policies for different application scenarios.


Presentation Transcript


  1. Data and Applications Security Developments and Directions
     Dr. Bhavani Thuraisingham, The University of Texas at Dallas
     Lecture #5: Assignment #1 on Access Control and Policies
     February 2, 2009

  2. References
     • Lecture Notes
     • Text Book for Class
     • Additional Papers
       • RBAC: Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, Charles E. Youman: Role-Based Access Control Models. IEEE Computer 29(2): 38-47 (1996)
       • UCON: Jaehong Park, Ravi S. Sandhu: The UCONABC usage control model. ACM Trans. Inf. Syst. Secur. 7(1): 128-174 (2004)
       • http://delivery.acm.org/10.1145/510000/507722/p57-park.pdf?key1=507722&key2=2341065321&coll=ACM&dl=ACM&CFID=23616711&CFTOKEN=10325487
       • DCON: Roshan K. Thomas, Ravi S. Sandhu: Towards a Multi-dimensional Characterization of Dissemination Control. POLICY 2004: 197-200 (IEEE)

  3. Problem #1
     • Consider an example application (e.g., from healthcare, defense, financial)
     • Specify some meaningful policies for this application that address confidentiality, privacy and trust

  4. Problem #2
     • Consider an example application where there is a need for organizations to share data
       • Example: Defense: Army, Navy, Air Force
       • Healthcare: Doctor, Hospital, Insurance company
     • Give meaningful security policies illustrating the need for organizations to share data while still having to enforce the policies
     • Policies may include confidentiality, privacy and trust

  5. Problem #3
     • Read the papers on RBAC, UCON and DCON listed in this unit
     • For an example application (or applications), specify policies for RBAC, UCON and DCON
