DOI: 10.1145/2752952
SACMAT '15: Proceedings of the 20th ACM Symposium on Access Control Models and Technologies
ACM 2015 Proceeding
Publisher:
  • Association for Computing Machinery
  • New York
  • NY
  • United States
Conference:
SACMAT '15: 20th ACM Symposium on Access Control Models and Technologies Vienna Austria June 1 - 3, 2015
ISBN:
978-1-4503-3556-0
Published:
01 June 2015

Abstract

It is our great pleasure to welcome you to the ACM Symposium on Access Control Models and Technologies (SACMAT 2015). This year's symposium continues its tradition of being the premier forum for presentation of research results and experience reports on leading edge issues of access control, including models, systems, applications, and theory. The aims of the symposium are to share novel access control solutions that fulfil the needs of heterogeneous applications and environments, and to identify new directions for future research and development. SACMAT provides researchers and practitioners with a unique opportunity to share their perspectives with others interested in the various aspects of access control.

59 papers have been submitted from a variety of countries around the world. Submissions were anonymous; each paper has been reviewed by at least three reviewers who are experts in the field. Extensive online discussions took place to make the selections for the symposium. The program committee finally accepted 17 papers as full papers for presentation at the conference. The topics covered include policy analysis & management, specification & enforcement of access control in distributed environments, and applications of access control, but also expand into new areas such as software & systems security. The program contains a demo session with six additional demonstrations and a panel titled "Privacy and Access control, how are these two concepts related?".

This year we are very happy to welcome two well-known keynote speakers:

  • Challenges in Making Access Control Sensitive to the "Right" Contexts, Trent Jaeger (Pennsylvania State University, USA)

  • Post-Snowden Threat Models, Bart Preneel (KU Leuven and iMinds, Belgium)

A different country hosts the conference every year. The 2015 edition takes place in Vienna, Austria. We are very happy to host the 20th edition of the Symposium in Vienna and we tried to put together a special social program for you, which will give you the opportunity to share ideas with other researchers and practitioners from institutions around the world and see all the beautiful sights of Vienna. A highlight will be our exclusive Conference Dinner in the middle of the vineyards. Finally we also thank Yvonne Po for the great organization of social events and making Vienna one of the most enjoyable places for security conferences.

We hope that you will find this program interesting and thought-provoking. Enjoy SACMAT 2015 and Vienna!

SESSION: Keynote I
invited-talk
Post-Snowden Threat Models

In June 2013 Edward Snowden leaked a large collection of documents that describe the capabilities and technologies of the NSA and its allies. Even to security experts the scale, nature and impact of some of the techniques revealed was surprising. A ...

SESSION: Formalism and Analysis
research-article
Valued Workflow Satisfiability Problem

A workflow is a collection of steps that must be executed in some specific order to achieve an objective. A computerised workflow management system may enforce authorisation policies and constraints, thereby restricting which users can perform ...

research-article
Mohawk+T: Efficient Analysis of Administrative Temporal Role-Based Access Control (ATRBAC) Policies

Safety analysis is recognized as a fundamental problem in access control. It has been studied for various access control schemes in the literature. Recent work has proposed an administrative model for Temporal Role-Based Access Control (TRBAC) policies ...

research-article
Automated Inference of Access Control Policies for Web Applications

In this paper, we present a novel, semi-automated approach to infer access control policies automatically for web-based applications. Our goal is to support the validation of implemented access control policies, even when they have not been clearly ...

SESSION: Cloud
research-article
Commune: Shared Ownership in an Agnostic Cloud

Cloud storage platforms promise a convenient way for users to share files and engage in collaborations, yet they require all files to have a single owner who unilaterally makes access control decisions. Existing clouds are, thus, agnostic to shared ...

research-article
SecLoc: Securing Location-Sensitive Storage in the Cloud

Cloud computing offers a wide array of storage services. While enjoying the benefits of flexibility, scalability and reliability brought by the cloud storage, cloud users also face the risk of losing control of their own data, partly because they do ...

research-article
Mitigating Multi-Tenancy Risks in IaaS Cloud Through Constraints-Driven Virtual Resource Scheduling

A major concern in the adoption of cloud infrastructure-as-a-service (IaaS) arises from multi-tenancy, where multiple tenants share the underlying physical infrastructure operated by a cloud service provider. A tenant could be an enterprise in the ...

SESSION: Logic and Inference
research-article
A Logical Approach to Restricting Access in Online Social Networks

Nowadays in popular online social networks users can blacklist some of their friends in order to disallow them to access resources that other non-blacklisted friends may access. We identify three independent binary decisions to utilize users' blacklists ...

research-article
Preventing Information Inference in Access Control

Technological innovations like social networks, personal devices and cloud computing, allow users to share and store online a huge amount of personal data. Sharing personal data online raises significant privacy concerns for users, who feel that they do ...

research-article
On Missing Attributes in Access Control: Non-deterministic and Probabilistic Attribute Retrieval

Attribute Based Access Control (ABAC) is becoming the reference model for the specification and evaluation of access control policies. In ABAC policies and access requests are defined in terms of pairs attribute names/values. The applicability of an ...

SESSION: Keynote II
invited-talk
Challenges in Making Access Control Sensitive to the "Right" Contexts

Access control is a fundamental security mechanism that both protects processes from attacks and confines compromised processes that may try to propagate an attack. Nonetheless, we still see an ever increasing number of software vulnerabilities. ...

SESSION: Access Management
research-article
Relationship-Based Access Control for an Open-Source Medical Records System

Inspired by the access control models of social network systems, Relationship-Based Access Control (ReBAC) was recently proposed as a general-purpose access control paradigm for application domains in which authorization must take into account the ...

research-article
Federated Access Management for Collaborative Network Environments: Framework and Case Study

With the advent of various collaborative sharing mechanisms such as Grids, P2P and Clouds, organizations including private and public sectors have recognized the benefits of being involved in inter-organizational, multi-disciplinary, and collaborative ...

research-article
Fine-Grained Business Data Confidentiality Control in Cross-Organizational Tracking

With the support of the Internet of Things (IoT for short) technologies, tracking systems are being widely deployed in many companies and organizations in order to provide more efficient and trustworthy delivery services. Such systems usually support ...

DEMONSTRATION SESSION: Demonstrations
research-article
A Prototype to Reduce the Amount of Accessible Information

Authorized insiders downloading mass data via their user interface are still a problem. In this paper a prototype to prevent mass data extractions is proposed. Access control models efficiently protect security objects but fail to define subsets of data ...

research-article
A SMT-based Tool for the Analysis and Enforcement of NATO Content-based Protection and Release Policies

NATO is developing a new IT infrastructure for automated information sharing between different information security domains and supporting dynamic and flexible enforcement of the need-to-know principle. In this context, the Content-based Protection and ...

research-article
Towards an Automatic Top-down Role Engineering Approach Using Natural Language Processing Techniques

Role Based Access Control (RBAC) is the most widely used model for access control due to the ease of administration as well as economic benefits it provides. In order to deploy an RBAC system, one requires to first identify a complete set of roles. This ...

research-article
Hard Instances for Verification Problems in Access Control

We address the generation and analysis of hard instances for verification problems in access control that are NP-hard. Given the customary assumption that P ≠ NP, we know that such classes exist. We focus on a particular problem, the user-authorization ...

research-article
Initial Encryption of large Searchable Data Sets using Hadoop

With the introduction and the wide use of externally hosted infrastructures, secure storage of sensitive data becomes more and more important. There are systems available to store and query encrypted data in a database, but not all applications may ...

research-article
Generating Secure Images for CAPTCHAs through Noise Addition

As online automation, image processing and computer vision become increasingly powerful and sophisticated, methods to secure online assets from automated attacks (bots) are required. As traditional text based CAPTCHAs become more vulnerable to attacks, ...

SESSION: Trust and Applications
research-article
A Logic of Trust for Reasoning about Delegation and Revocation

In ownership-based access control frameworks with the possibility of delegating permissions and administrative rights, chains of delegated accesses will form. There are different ways to treat these delegation chains when revoking rights, which give ...

research-article
Towards Attribute-Based Authorisation for Bidirectional Programming

Bidirectional programming allows developers to write programs that will produce transformations that extract data from a source document into a view. The same transformations can then be used to update the source in order to propagate the changes made ...

PANEL SESSION: Panel
SESSION: Permission Management
research-article
Mitigating Access Control Vulnerabilities through Interactive Static Analysis

Access control vulnerabilities due to programming errors have consistently ranked amongst top software vulnerabilities. Previous research efforts have concentrated on using automatic program analysis techniques to detect access control vulnerabilities ...

research-article
Towards a General Framework for Optimal Role Mining: A Constraint Satisfaction Approach

Role Based Access Control (RBAC) is the most widely used advanced access control model deployed in a variety of organizations. To deploy an RBAC system, one needs to first identify a complete set of roles, including permission role assignments and role ...

research-article
SPA: Inviting Your Friends to Help Set Android Apps

More and more powerful personal smart devices take users, especially the elder, into a disaster of policy administration where users are forced to set personal management policies in these devices. Considering a real case of this issue in the Android ...

Contributors
  • University of Vienna
  • University of Waterloo
  • University of Pittsburgh

Acceptance Rates

SACMAT '15 Paper Acceptance Rate 17 of 59 submissions, 29%;
Overall Acceptance Rate 177 of 597 submissions, 30%
Year                   Submitted   Accepted   Rate
SACMAT '19             52          12         23%
SACMAT '18             50          14         28%
SACMAT '17 Abstracts   50          14         28%
SACMAT '16             55          18         33%
SACMAT '15             59          17         29%
SACMAT '14             58          17         29%
SACMAT '13             62          19         31%
SACMAT '12             73          19         26%
SACMAT '09             75          24         32%
SACMAT '03             63          23         37%
Overall                597         177        30%