DOI: 10.1145/2613087
SACMAT '14: Proceedings of the 19th ACM symposium on Access control models and technologies
ACM 2014 Proceeding
Publisher:
  • Association for Computing Machinery
  • New York
  • NY
  • United States
Conference:
SACMAT '14: 19th ACM Symposium on Access Control Models and Technologies, London, Ontario, Canada, June 25 - 27, 2014
ISBN:
978-1-4503-2939-2
Published:
25 June 2014
Next Conference:
May 15 - 17, 2024
San Antonio, TX, USA
Abstract

It is our great pleasure to welcome you to the 19th ACM Symposium on Access Control Models and Technologies (SACMAT 2014). This year's symposium continues its tradition of being the premier forum for presentation of research results on leading edge issues of access control, including models, systems, applications, and theory, with an expanded scope to include cyber-physical systems, applications, systems, hardware, cloud computing, and usability.

58 papers have been submitted from a variety of countries around the world. Submissions were anonymous; each paper has been reviewed by at least four reviewers who are experts in the field. Extensive online discussions took place to make the selections for the symposium. The program committee finally accepted 17 papers that cover a variety of topics, including Privacy & Compliance, Policy Management & Enforcement, Systems & Information Flow, Policy Analysis, and Applications. The program again contains two demo sessions with four demos covering topics such as risk aware role mining, privacy, attribute based access control, and integrity in Linux. In addition, the program includes a panel on the challenges of access control in new computing domains, such as mobile, cloud, and cyber-physical systems, and two keynote talks by Dr. Ari Juels and Dr. Andrew Clement. We hope that these proceedings will serve as a valuable reference for security researchers and developers.

SESSION: Keynote I
keynote
A bodyguard of lies: the use of honey objects in information security

Decoy objects, often labeled in computer security with the term honey, are a powerful tool for compromise detection and mitigation. There has been little exploration of overarching theories or set of principles or properties, however. This short paper (...

SESSION: Enforcement and applications
research-article
Hardware-enhanced distributed access enforcement for role-based access control

The protection of information in enterprise and cloud platforms is growing more important and complex with increasing numbers of users who need to access resources with distinct permissions. Role-based access control (RBAC) eases administrative ...

research-article
An access control concept for novel automotive HMI systems

The relevance of graphical functions in vehicular applications has increased significantly during the last few years. Modern cars are equipped with multiple displays used by different applications such as speedometer or navigation system. However, so ...

research-article
Monitor placement for large-scale systems

System administrators employ network monitors, such as traffic analyzers, network intrusion prevention systems, and firewalls, to protect the network's hosts from remote adversaries. The problem is that vulnerabilities are caused primarily by errors in ...

SESSION: Policy analytics
research-article
Anomaly detection and visualization in generative RBAC models

With the wide use of Role-based Access Control (RBAC), the need for monitoring, evaluation, and verification of RBAC implementations (e.g., to evaluate ex post which users acting in which roles were authorized to execute permissions) is evident. In this ...

research-article
Reduction of access control decisions

Access control has been proposed as "the" solution to prevent unauthorized accesses to sensitive system resources. Historically, access control models use a two-valued decision set to indicate whether an access should be granted or denied. Many access ...

research-article
Sorting out role based access control

Role-based access control (RBAC) is a popular framework for modelling access control rules. In this paper we identify a fragment of RBAC called bi-sorted role based access control (RBAC). We start from the observation that "classic" RBAC blends together ...

SESSION: Systems
research-article
Towards more usable information flow policies for contemporary operating systems

There has been a resurgence of interest in information flow based techniques in security. A key attraction of these techniques is that they can provide strong, principled protection against malware, regardless of its sophistication. In spite of this ...

research-article
Attribute based access control for APIs in spring security

The widespread adoption of Application Programming Interfaces (APIs) by enterprises is changing the way business is done by permitting the implementation of a multitude of apps, customized to user needs. While supporting a more flexible exploitation of ...

research-article
Comprehensive integrity protection for desktop linux

Information flow provides principled defenses against malware. It can provide system-wide integrity protection without requiring any program-specific understanding. Information flow policies have been around for 40+ years but they have not been explored ...

SESSION: Models and analysis
research-article
Game theoretic analysis of multiparty access control in online social networks

Existing online social networks (OSNs) only allow a single user to restrict access to her/his data but cannot provide any mechanism to enforce privacy concerns over data associated with multiple users. This situation leaves privacy conflicts largely ...

research-article
Scalable and precise automated analysis of administrative temporal role-based access control

Extensions of Role-Based Access Control (RBAC) policies taking into account contextual information (such as time and space) are increasingly being adopted in real-world applications. Their administration is complex since they must satisfy rapidly ...

research-article
Access control models for geo-social computing systems

A Geo-Social Computing System (GSCS) allows users to declare their current locations, and uses these declared locations to make authorization decisions. Recent years have seen the emergence of a new generation of social computing systems that are GSCSs. ...

PANEL SESSION: Panel
panel
What are the most important challenges for access control in new computing domains, such as mobile, cloud and cyber-physical systems?

We are seeing a significant shift in the types and characteristics of computing devices that are commonly used. Today, more smartphones are sold than personal computers. An area of rapid growth are also cloud systems; and our everyday lives are invaded ...

SESSION: Privacy and confidentiality
research-article
Limiting access to unintentionally leaked sensitive documents using malware signatures

Organizations are repeatedly embarrassed when their sensitive digital documents go public or fall into the hands of adversaries, often as a result of unintentional or inadvertent leakage. Such leakage has been traditionally handled either by preventive ...

research-article
Optimized and controlled provisioning of encrypted outsourced data

Recent advances in encrypted outsourced databases support the direct processing of queries on encrypted data. Depending on functionality (i.e. operators) required in the queries the database has to use different encryption schemes with different ...

research-article
User-centric identity as a service-architecture for eIDs with selective attribute disclosure

Unique identification and secure authentication of users are essential processes in numerous security-critical areas such as e-Government, e-Banking, or e-Business. Therefore, many countries (particularly in Europe) have implemented national eID ...

SESSION: Risk, redaction and RDF
research-article
Towards fine grained RDF access control

The Semantic Web is envisioned as the future of the current web, where the information is enriched with machine understandable semantics. According to the World Wide Web Consortium (W3C), "The Semantic Web provides a common framework that allows data to ...

research-article
Redaction based RDF access control language

We propose an access control language for securing RDF graphs which essentially leverages an underlying query language based redaction mechanism to provide fine grained RDF access control. The access control language presented is equipped with critical ...

research-article
A system for risk awareness during role mining

This paper demonstrates a proof-of-concept prototype that is able to automatically and effectively detect and report different types of risk factors during the process of role mining. A role mining platform is embedded within the tool so that different ...

SESSION: Keynote II
keynote
Re-thinking networked privacy, security, identity and access control in our surveillance states

Mass surveillance activities by the security agencies of the Five Eyes countries (e.g. NSA, CSEC, etc) pose a significant challenge to those who care about the privacy, security and other democratic rights related to our burgeoning digitally mediated ...

SESSION: New approaches
research-article
Path conditions and principal matching: a new approach to access control

Traditional authorization policies are user-centric, in the sense that authorization is defined, ultimately, in terms of user identities. We believe that this user-centric approach is inappropriate for many applications, and that what should determine ...

research-article
An actor-based, application-aware access control evaluation framework

To date, most work regarding the formal analysis of access control schemes has focused on quantifying and comparing the expressive power of a set of schemes. Although expressive power is important, it is a property that exists in an *absolute* sense, ...

research-article
Policy models to protect resource retrieval

Processes need a variety of resources from their operating environment in order to run properly, but an adversary may control the inputs to resource retrieval or the end resource itself, leading to a variety of vulnerabilities. Conventional access control ...

Contributors
  • Western University
  • University of Waterloo
  • IBM Research

Acceptance Rates

SACMAT '14 Paper Acceptance Rate: 17 of 58 submissions, 29%
Overall Acceptance Rate: 177 of 597 submissions, 30%

Year                   Submitted   Accepted   Rate
SACMAT '19             52          12         23%
SACMAT '18             50          14         28%
SACMAT '17 Abstracts   50          14         28%
SACMAT '16             55          18         33%
SACMAT '15             59          17         29%
SACMAT '14             58          17         29%
SACMAT '13             62          19         31%
SACMAT '12             73          19         26%
SACMAT '09             75          24         32%
SACMAT '03             63          23         37%
Overall                597         177        30%