Elisa Bertino | Purdue University (original) (raw)

Papers by Elisa Bertino

Research paper thumbnail of Authorization Strategies for Virtualized Environments in Grid Computing Systems���

Abstract The development of adequate security solutions, and in particular of authentication and ... more Abstract The development of adequate security solutions, and in particular of authentication and authorization techniques, for grid computing systems is a challenging task. Recent trends of service oriented architectures (SOA), where users access grids through a science gateway���a web service that serves as a portal between users of a virtual organizations (VO) and the various computation resources, further complicate the authorization problem.

Research paper thumbnail of An execution model for multilevel secure workflows

Abstract Workflow management systems (WFMS) support the modeling and coordinated execution of pro... more Abstract Workflow management systems (WFMS) support the modeling and coordinated execution of processes within an organization. To coordinate the execution of the various activities (or tasks) in a workflow, task dependencies are specified among them. In a multilevel secure (MLS) workflow, tasks may belong to different security levels. Ensuring the task dependencies from the tasks at higher security levels to those at lower security level (high-to-low dependencies) may compromise security.

Research paper thumbnail of Extending the ODMG object model with triggers

Abstract We extend the standard for object-oriented databases, ODMG, with reactive features, by p... more Abstract We extend the standard for object-oriented databases, ODMG, with reactive features, by proposing a language for specifying triggers and defining its semantics. This extension has several implications, thus we make three different specific contributions.

Research paper thumbnail of Conditional privacy-aware role based access control

Privacy is considered critical for all organizations needing to manage individual related informa... more Privacy is considered critical for all organizations needing to manage individual related information. As such, there is an increasing need for access control models which can adequately support the specification and enforcement of privacy policies. In this paper, we propose a model, referred to as Conditional Privacy-aware Role Based Access Control (P-RBAC), which supports expressive condition languages and flexible relations among permission assignments for more complex privacy policies.

Research paper thumbnail of Privacy-preserving incremental data dissemination

Although the k-anonymity and ���-diversity models have led to a number of valuable privacy-protec... more Although the k-anonymity and ���-diversity models have led to a number of valuable privacy-protecting techniques and algorithms, the existing solutions are currently limited to static data release. That is, it is assumed that a complete dataset is available at the time of data release. This assumption implies a significant shortcoming, as in many applications data collection is rather a continual process.

Research paper thumbnail of Privacy-Preserving Fine-Grained Access Control in Public Clouds

Abstract With many economical benefits of cloud computing, many organizations have been consideri... more Abstract With many economical benefits of cloud computing, many organizations have been considering moving their information systems to the cloud. However, an important problem in public clouds is how to selectively share data based on fine-grained attribute based access control policies while at the same time assuring confidentiality of the data and preserving the privacy of users from the cloud.

Research paper thumbnail of Formal foundations for hybrid hierarchies in GTRBAC

Abstract A role hierarchy defines permission acquisition and role-activation semantics through ro... more Abstract A role hierarchy defines permission acquisition and role-activation semantics through role--role relationships. It can be utilized for efficiently and effectively structuring functional roles of an organization having related access-control needs. The focus of this paper is the analysis of hybrid role hierarchies in the context of the generalized temporal role-based access control (GTRBAC) model that allows specification of a comprehensive set of temporal constraints on role, user-role, and role-permission assignments.

Research paper thumbnail of An update protocol for XML documents in distributed and cooperative systems

Abstract Securing data is becoming a crucial need for most Internet-based applications. Whereas t... more Abstract Securing data is becoming a crucial need for most Internet-based applications. Whereas the problem of data confidentiality has been widely investigated, the problem of how to ensure that data, when moving among different parties, are modified only according to the stated policies has been so far not deeply investigated. In this paper, the authors proposed an approach supporting parallel and distributed secure updates to XML documents.

Research paper thumbnail of Viewpoints in object database systems

Research paper thumbnail of Efficient Privacy Preserving Protocols for Decentralized Computation of Reputation

ABSTRACT We present three different privacy preserving protocols for computing reputation. They v... more ABSTRACT We present three different privacy preserving protocols for computing reputation. They vary in strength in terms of preserving privacy, however, a common thread in all three protocols is that they are fully decentralized and efficient. Our protocols that are resilient against semi-honest adversaries and non-disruptive malicious adversaries have linear and loglinear communication complexity respectively. We evaluate our proposed protocols on data from the real web of trust of Advogato. org.

Research paper thumbnail of Location-Aware Authentication and Access Control Concepts and Issues

Abstract The paper first discusses motivations why taking into account location information in au... more Abstract The paper first discusses motivations why taking into account location information in authentication and access control is important. The paper then surveys current approaches to location-aware authentication, including the notion of context-based flexible authentication policies, and to location-aware access control, with focus on the GEO-RBAC model. Throughout the discussion, the paper identifies open research directions.

Research paper thumbnail of An access control system for a web map management service

Abstract In this paper, we present an access control model for spatial data on Web. Such a model ... more Abstract In this paper, we present an access control model for spatial data on Web. Such a model is based on the following assumptions: first, spatial data consist of objects with sharp boundaries located in a geographical space; second, data are manipulated through the operations provided by a Web map management service. The goal of the system is to control the way data are accessed by users having different profiles.

Research paper thumbnail of Policy framework for security and privacy management

Abstract Policies that address security and privacy are pervasive parts of both technical and soc... more Abstract Policies that address security and privacy are pervasive parts of both technical and social systems, and technology that enables both organizations and individuals to create and manage such policies is a critical need in information technology (IT). This paper describes the notion of end-to-end policy management and advances a framework that can be useful in understanding the commonality in IT security and privacy policy management.

Research paper thumbnail of MPGS: An interactive tool for the specification and generation of multimedia presentations

Abstract Multimedia presentations are composed of objects belonging to different data types such ... more Abstract Multimedia presentations are composed of objects belonging to different data types such as video, audio, text and image. An important aspect is that, quite often, the user defining a presentation needs to express sophisticated temporal and spatial constraints among the objects composing the presentation.

Research paper thumbnail of Static analysis of intensional databases in U-Datalog

Abstract Static analysis of declarative languages deals with the detection, at compile time, of p... more Abstract Static analysis of declarative languages deals with the detection, at compile time, of program properties that can be used to better understand the program semantics and to improve the efficiency of the program evaluation. In logical update languages, an interesting problem is the detection of situations that may lead to inconsistent updates(insertion and deletion of the same fact), generating non-deterministic behavior. The analysis of this problem for transactions based on set-oriented updates is not a simple task.

Research paper thumbnail of The SCIFC model for information flow control in web service composition

Abstract Existing Web service access control models focus on individual Web services, and do not ... more Abstract Existing Web service access control models focus on individual Web services, and do not consider service composition. In composite services, a major issue is information flow control. Critical information may flow from one service to another in a service chain through requests and responses and there is no mechanism for verifying that the flow complies with the access control policies.

Research paper thumbnail of Privacy-preserving enforcement of spatially aware RBAC

Abstract Several models for incorporating spatial constraints into role-based access control (RBA... more Abstract Several models for incorporating spatial constraints into role-based access control (RBAC) have been proposed, and researchers are now focusing on the challenge of ensuring such policies are enforced correctly. However, existing approaches have a major shortcoming, as they assume the server is trustworthy and require complete disclosure of sensitive location information by the user. In this work, we propose a novel framework and a set of protocols to solve this problem.

Research paper thumbnail of Auth-SL-a system for the specification and enforcement of quality-based authentication policies

This paper develops a language and a reference architecture supporting the management and enforce... more This paper develops a language and a reference architecture supporting the management and enforcement of authentication policies. Such language directly supports multi-factor authentication and the high level specification of authentication factors, in terms of conditions against the features of the various authentication mechanisms and modules.

Research paper thumbnail of Generic Methods in Deductive Object Databases

Abstract Deductive objects have been introduced in 3] to support declarative object speci cation ... more Abstract Deductive objects have been introduced in 3] to support declarative object speci cation in the database context taking advantage of the large body of results on Datalog-like language. However, the rigidity of logical languages does not re ect the exible programming style of object-oriented systems. For instance the application of the same method to di erent objects. In this paper we propose an extension based on variable labels that allow to express generic methods through rules.

Research paper thumbnail of A privacy-enhancing content-based publish/subscribe system using scalar product preserving transformations

Users of content-based publish/subscribe systems (CBPS) are interested in receiving data items wi... more Users of content-based publish/subscribe systems (CBPS) are interested in receiving data items with values that satisfy certain conditions. Each user submits a list of subscription specifications to a broker, which routes data items from publishers to users. When a broker receives a notification that contains a value from a publisher, it forwards it only to the subscribers whose requests match the value.

Research paper thumbnail of Authorization Strategies for Virtualized Environments in Grid Computing Systems���

Abstract The development of adequate security solutions, and in particular of authentication and ... more Abstract The development of adequate security solutions, and in particular of authentication and authorization techniques, for grid computing systems is a challenging task. Recent trends of service oriented architectures (SOA), where users access grids through a science gateway���a web service that serves as a portal between users of a virtual organizations (VO) and the various computation resources, further complicate the authorization problem.

Research paper thumbnail of An execution model for multilevel secure workflows

Abstract Workflow management systems (WFMS) support the modeling and coordinated execution of pro... more Abstract Workflow management systems (WFMS) support the modeling and coordinated execution of processes within an organization. To coordinate the execution of the various activities (or tasks) in a workflow, task dependencies are specified among them. In a multilevel secure (MLS) workflow, tasks may belong to different security levels. Ensuring the task dependencies from the tasks at higher security levels to those at lower security level (high-to-low dependencies) may compromise security.

Research paper thumbnail of Extending the ODMG object model with triggers

Abstract We extend the standard for object-oriented databases, ODMG, with reactive features, by p... more Abstract We extend the standard for object-oriented databases, ODMG, with reactive features, by proposing a language for specifying triggers and defining its semantics. This extension has several implications, thus we make three different specific contributions.

Research paper thumbnail of Conditional privacy-aware role based access control

Privacy is considered critical for all organizations needing to manage individual related informa... more Privacy is considered critical for all organizations needing to manage individual related information. As such, there is an increasing need for access control models which can adequately support the specification and enforcement of privacy policies. In this paper, we propose a model, referred to as Conditional Privacy-aware Role Based Access Control (P-RBAC), which supports expressive condition languages and flexible relations among permission assignments for more complex privacy policies.

Research paper thumbnail of Privacy-preserving incremental data dissemination

Although the k-anonymity and ���-diversity models have led to a number of valuable privacy-protec... more Although the k-anonymity and ���-diversity models have led to a number of valuable privacy-protecting techniques and algorithms, the existing solutions are currently limited to static data release. That is, it is assumed that a complete dataset is available at the time of data release. This assumption implies a significant shortcoming, as in many applications data collection is rather a continual process.

Research paper thumbnail of Privacy-Preserving Fine-Grained Access Control in Public Clouds

Abstract With many economical benefits of cloud computing, many organizations have been consideri... more Abstract With many economical benefits of cloud computing, many organizations have been considering moving their information systems to the cloud. However, an important problem in public clouds is how to selectively share data based on fine-grained attribute based access control policies while at the same time assuring confidentiality of the data and preserving the privacy of users from the cloud.

Research paper thumbnail of Formal foundations for hybrid hierarchies in GTRBAC

Abstract A role hierarchy defines permission acquisition and role-activation semantics through ro... more Abstract A role hierarchy defines permission acquisition and role-activation semantics through role--role relationships. It can be utilized for efficiently and effectively structuring functional roles of an organization having related access-control needs. The focus of this paper is the analysis of hybrid role hierarchies in the context of the generalized temporal role-based access control (GTRBAC) model that allows specification of a comprehensive set of temporal constraints on role, user-role, and role-permission assignments.

Research paper thumbnail of An update protocol for XML documents in distributed and cooperative systems

Abstract Securing data is becoming a crucial need for most Internet-based applications. Whereas t... more Abstract Securing data is becoming a crucial need for most Internet-based applications. Whereas the problem of data confidentiality has been widely investigated, the problem of how to ensure that data, when moving among different parties, are modified only according to the stated policies has been so far not deeply investigated. In this paper, the authors proposed an approach supporting parallel and distributed secure updates to XML documents.

Research paper thumbnail of Viewpoints in object database systems

Research paper thumbnail of Efficient Privacy Preserving Protocols for Decentralized Computation of Reputation

ABSTRACT We present three different privacy preserving protocols for computing reputation. They v... more ABSTRACT We present three different privacy preserving protocols for computing reputation. They vary in strength in terms of preserving privacy, however, a common thread in all three protocols is that they are fully decentralized and efficient. Our protocols that are resilient against semi-honest adversaries and non-disruptive malicious adversaries have linear and loglinear communication complexity respectively. We evaluate our proposed protocols on data from the real web of trust of Advogato. org.

Research paper thumbnail of Location-Aware Authentication and Access Control Concepts and Issues

Abstract The paper first discusses motivations why taking into account location information in au... more Abstract The paper first discusses motivations why taking into account location information in authentication and access control is important. The paper then surveys current approaches to location-aware authentication, including the notion of context-based flexible authentication policies, and to location-aware access control, with focus on the GEO-RBAC model. Throughout the discussion, the paper identifies open research directions.

Research paper thumbnail of An access control system for a web map management service

Abstract In this paper, we present an access control model for spatial data on Web. Such a model ... more Abstract In this paper, we present an access control model for spatial data on Web. Such a model is based on the following assumptions: first, spatial data consist of objects with sharp boundaries located in a geographical space; second, data are manipulated through the operations provided by a Web map management service. The goal of the system is to control the way data are accessed by users having different profiles.

Research paper thumbnail of Policy framework for security and privacy management

Abstract Policies that address security and privacy are pervasive parts of both technical and soc... more Abstract Policies that address security and privacy are pervasive parts of both technical and social systems, and technology that enables both organizations and individuals to create and manage such policies is a critical need in information technology (IT). This paper describes the notion of end-to-end policy management and advances a framework that can be useful in understanding the commonality in IT security and privacy policy management.

Research paper thumbnail of MPGS: An interactive tool for the specification and generation of multimedia presentations

Abstract Multimedia presentations are composed of objects belonging to different data types such ... more Abstract Multimedia presentations are composed of objects belonging to different data types such as video, audio, text and image. An important aspect is that, quite often, the user defining a presentation needs to express sophisticated temporal and spatial constraints among the objects composing the presentation.

Research paper thumbnail of Static analysis of intensional databases in U-Datalog

Abstract Static analysis of declarative languages deals with the detection, at compile time, of p... more Abstract Static analysis of declarative languages deals with the detection, at compile time, of program properties that can be used to better understand the program semantics and to improve the efficiency of the program evaluation. In logical update languages, an interesting problem is the detection of situations that may lead to inconsistent updates(insertion and deletion of the same fact), generating non-deterministic behavior. The analysis of this problem for transactions based on set-oriented updates is not a simple task.

Research paper thumbnail of The SCIFC model for information flow control in web service composition

Abstract Existing Web service access control models focus on individual Web services, and do not ... more Abstract Existing Web service access control models focus on individual Web services, and do not consider service composition. In composite services, a major issue is information flow control. Critical information may flow from one service to another in a service chain through requests and responses and there is no mechanism for verifying that the flow complies with the access control policies.

Research paper thumbnail of Privacy-preserving enforcement of spatially aware RBAC

Abstract Several models for incorporating spatial constraints into role-based access control (RBA... more Abstract Several models for incorporating spatial constraints into role-based access control (RBAC) have been proposed, and researchers are now focusing on the challenge of ensuring such policies are enforced correctly. However, existing approaches have a major shortcoming, as they assume the server is trustworthy and require complete disclosure of sensitive location information by the user. In this work, we propose a novel framework and a set of protocols to solve this problem.

Research paper thumbnail of Auth-SL-a system for the specification and enforcement of quality-based authentication policies

This paper develops a language and a reference architecture supporting the management and enforce... more This paper develops a language and a reference architecture supporting the management and enforcement of authentication policies. Such language directly supports multi-factor authentication and the high level specification of authentication factors, in terms of conditions against the features of the various authentication mechanisms and modules.

Research paper thumbnail of Generic Methods in Deductive Object Databases

Abstract Deductive objects have been introduced in 3] to support declarative object speci cation ... more Abstract Deductive objects have been introduced in 3] to support declarative object speci cation in the database context taking advantage of the large body of results on Datalog-like language. However, the rigidity of logical languages does not re ect the exible programming style of object-oriented systems. For instance the application of the same method to di erent objects. In this paper we propose an extension based on variable labels that allow to express generic methods through rules.

Research paper thumbnail of A privacy-enhancing content-based publish/subscribe system using scalar product preserving transformations

Users of content-based publish/subscribe systems (CBPS) are interested in receiving data items wi... more Users of content-based publish/subscribe systems (CBPS) are interested in receiving data items with values that satisfy certain conditions. Each user submits a list of subscription specifications to a broker, which routes data items from publishers to users. When a broker receives a notification that contains a value from a publisher, it forwards it only to the subscribers whose requests match the value.