DOI: 10.1145/3381991
SACMAT '20: Proceedings of the 25th ACM Symposium on Access Control Models and Technologies
ACM 2020 Proceeding
Publisher:
  • Association for Computing Machinery
  • New York
  • NY
  • United States
Conference:
SACMAT '20: The 25th ACM Symposium on Access Control Models and Technologies Barcelona Spain June 10 - 12, 2020
ISBN:
978-1-4503-7568-9
Published:
11 June 2020

Abstract

It is our great pleasure to welcome you to the 25th ACM Symposium on Access Control Models and Technologies (SACMAT 2020). SACMAT is the premier forum for presentation of research results and experience reports on leading edge issues of access control, including models, systems, applications, and theory. The aims of the symposium are to share novel access control solutions that fulfill the needs of heterogeneous applications and environments, and to identify new directions for research and development. SACMAT provides researchers and practitioners with a unique opportunity to share their perspectives with others interested in the various aspects of access control. We received 39 papers with authors from 16 countries. Each paper was reviewed by at least three experts and discussed to reach consensus. The program committee finally accepted 13 full papers and 3 short papers out of 34 submissions to the regular track, 3 papers out of 5 submissions to the Blue Sky / Vision track, 2 demos, and a poster.

SESSION: Session 1: Assessment and Detection of Security Threats
research-article
Open Access
Metering Graphical Data Leakage with Snowman

A long-standing technique to interfere with theft of sensitive data by its intended users is permitting these insiders only remote access to the data via a thin client. Even allowing only remote access is inadequate, however, to counter an insider ...

research-article
Public Access
Visualizing and Interpreting RNN Models in URL-based Phishing Detection

Existing studies have demonstrated that using traditional machine learning techniques, phishing detection simply based on the features of URLs can be very effective. In this paper, we explore the deep learning approach and build four RNN (Recurrent ...

short-paper
Parallel Space Traveling: A Security Analysis of App-Level Virtualization in Android

App-level virtualization becomes increasingly popular. It allows multiple instances of an application to run simultaneously on the same Android system, without requiring modification of the Android firmware. These virtualization-capable apps are used by ...

SESSION: Session 2: Keynote 1
keynote
Cryptography for #MeToo

Reporting sexual assault and harassment is an important and difficult problem. Since late 2017, it has received increased attention as the viral #MeToo movement has brought about accusations against high-profile individuals and a wider discussion around ...

SESSION: Session 3: Privacy and Data Sharing
research-article
Norm-based Access Control

Collaborative systems, such as online social networks or Internet of Things, host vast amounts of content that is created and manipulated by multiple users. Co-edited documents or group pictures are prime examples of such co-owned content. Respecting ...

research-article
Public Access
Security and Privacy Analysis of Android Family Locator Apps

Families are increasingly using Family Locator (FL) apps for convenience and safety purposes. Such FL apps often collect a lot of sensitive information, such as user location and contacts, to improve their usability and functionality. However, it is not ...

research-article
Declarative Access Control for Aggregations of Multiple Ownership Data

Data aggregation operations are popular in domains like data analytics, machine learning and artificial intelligence. However, despite the availability of information, situations like fragmented ownership and legal frameworks hinder data processing, ...

research-article
Accept - Maybe - Decline: Introducing Partial Consent for the Permission-based Access Control Model of Android

The consent to personal data sharing is an integral part of modern access control models on smart devices. This paper examines the possibility of registering conditional consent which could potentially increase trust in data sharing. We introduce an ...

SESSION: Session 4: Analysis of Access Control
research-article
Matrix Decomposition: Analysis of an Access Control Approach on Transaction-based DAGs without Finality

The Matrix message-oriented middleware (see https://matrix.org) is gaining momentum as a basis for a decentralized, secure messaging system as shown, for example, by its deployment within the French government and by the Mozilla foundation. Thus, ...

research-article
Constraint Branching in Workflow Satisfiability Problem

There has been a considerable interest in recent years in the problem of workflow satisfiability which seeks an allocation of authorised users to every step of the workflow, subject to workflow specification constraints. Unfortunately, the workflow ...

research-article
Automated Strong Mutation Testing of XACML Policies

While the existing methods for testing XACML policies have varying levels of effectiveness, none of them can reveal the majority of policy faults. The undisclosed faults may lead to unauthorized access and denial of service. This paper presents an ...

SESSION: Session 5: Keynote 2
keynote
Public Access
Analysis of Access Control Enforcement in Android

Over the past decade, the Android operating system install-base has proliferated to billions of devices, rivaling Microsoft Windows as a top computing platform. One of the most attractive aspects of Android is its vast collection of applications, ...

SESSION: Session 6: RBAC and ABAC
research-article
Open Access
Informed Privilege-Complexity Trade-Offs in RBAC Configuration

Role-Based Access Control (RBAC) has the potential both to simplify administration and improve an organization's security. But for non-trivial configurations, there is a conflict between defining fine-grained roles which adhere to the principle of least ...

research-article
Proactive Risk Assessment for Preventing Attribute-Forgery Attacks to ABAC Policies

Recently, the use of well-defined, security-relevant pieces of runtime information, a.k.a., attributes, has emerged as a convenient paradigm for writing, enforcing, and maintaining authorization policies, allowing for extended flexibility and convenien...

short-paper
Benchmarking UAQ Solvers

The User Authorization Query (UAQ) Problem is key for RBAC systems that aim to offer permission level user-system interaction, where the system automatically determines the roles to activate in order to enable the requested permissions. Finding a ...

abstract
AQUA: An Efficient Solver for the User Authorization Query Problem

We present AQUA, a solver for the User Authorization Query (UAQ) problem in Role-Based Access Control (RBAC). The UAQ problem amounts to determining a set of roles granting a given set of permissions, satisfying a collection of authorisation constraints ...

SESSION: Session 7: Policy Learning and Migration
research-article
Best Paper
Active Learning of Relationship-Based Access Control Policies

Understanding access control policies is essential in understanding the security behavior of systems. However, often times, a complete and accurate specification of the enforced access control policy in a system is not available. In fact, scale and ...

research-article
A Decision Tree Learning Approach for Mining Relationship-Based Access Control Policies

Relationship-based access control (ReBAC) provides a high level of expressiveness and flexibility that promotes security and information sharing, by allowing policies to be expressed in terms of chains of relationships between entities. ReBAC policy ...

research-article
Open Access
On Security Policy Migrations

There has been over the past decade a rapid change towards computational environments that are comprised of large and diverse sets of devices, many of them mobile, which can connect in flexible and context-dependent ways. Examples range from networks ...

SESSION: Session 8: Keynote 3
keynote
Multi-party Access Control - 10 Years of Successes and Lessons Learned

As end-users have been asked to take on management tasks for their content and online resources, access control mechanisms have played an increasingly important role in a broad range of applications. These include data management for personalized ...

SESSION: Session 9: Access Control for IoT
research-article
A Data Access Model for Privacy-Preserving Cloud-IoT Architectures

We propose a novel data collection and data sharing model for cloud-IoT architectures with an emphasis on data privacy. This model has been implemented in Privasee, an open source platform for privacy-aware web-application development, which provides a ...

research-article
ABAC-CC: Attribute-Based Access Control and Communication Control for Internet of Things

Internet of Things (IoT) is revolutionizing the capabilities of the Internet with billions of connected devices in the cyberspace. These devices are commonly referred to as smart things enabling smart environments, such as Smart Home, Smart Health, ...

short-paper
Deploying Access Control Enforcement for IoT in the Cloud-Edge Continuum with the help of the CAP Theorem

The CAP Theorem is used by distributed system practitioners to investigate the necessary trade-offs in the design and development of distributed systems, mainly databases and web applications. In this paper, we use it to reason about access control ...

abstract
Mammoth: Monitoring the ABAC Monitor of MQTT-based Internet of Things ecosystems

Data confidentiality and privacy are becoming primary concerns for Internet of Things applications. A variety of access control approaches have been proposed to address this issue. In this demonstration we present a tool, called Mammoth, which ...

poster
Poster: IoT SENTINEL - An ABAC Approach Against Cyber-Warfare In Organizations

Recently, Internet of Things (IoT) devices and applications are becoming increasingly popular among users in various IoT domains, such as Wearable IoT, Smart Cities, Smart Home, and Smart Industry. With a range of IoT devices, cyber attack surface has ...

Contributors
  • Pompeu Fabra University Barcelona
  • Stony Brook University
  • Pennsylvania State University

    Acceptance Rates

    Overall Acceptance Rate 177 of 597 submissions, 30%
    Year                    Submitted   Accepted   Rate
    SACMAT '19              52          12         23%
    SACMAT '18              50          14         28%
    SACMAT '17 Abstracts    50          14         28%
    SACMAT '16              55          18         33%
    SACMAT '15              59          17         29%
    SACMAT '14              58          17         29%
    SACMAT '13              62          19         31%
    SACMAT '12              73          19         26%
    SACMAT '09              75          24         32%
    SACMAT '03              63          23         37%
    Overall                 597         177        30%