Ohad Shamir, Sivan Sabato, et al.
Theoretical Computer Science
Efforts to place vast information resources at the fingertips of each individual in large user populations must be balanced by commensurate attention to information protection. For centralized operational systems in controlled environments, external administrative controls may suffice. For distributed systems with less-structured tasks, more-diversified information, and a heterogeneous user set, the computing system must administer enterprise-chosen access control policies. One kind of resource is a digital library that emulates massive collections of paper and other physical media for clerical, engineering, and cultural applications. This article considers the security requirements for such libraries and proposes an access control method that mimics organizational practice by combining a subject tree with ad hoc role granting that controls privileges for many operations independently, that treats (all but one) privileged roles (e.g., auditor, security officer) like every other individual authorization, and that binds access control information to objects indirectly for scaling, flexibility, and reflexive protection. We sketch a realization and show that it will perform well, generalizes many deployed and proposed access control policies, and permits individual data centers to implement other models economically and without disruption. © 1997 ACM.