There are some critical privacy concerns in the current online social networks (OSNs). Users' information is disclosed to different entities that they were not supposed to access. Furthermore, the notion of friendship is ...

One of the security issues in data outsourcing is the enforcement of the data owner's access control policies. This includes some challenges. The first challenge is preserving confidentiality of data and policies. One of ...

Access control in open and dynamic Pervasive Computing Environments (PCEs) is a very complex mechanism and encompasses various new requirements. In fact, in such environments, context information should be used in access ...

Resources and services are accessible in pervasive computing environments from anywhere and at any time. Also, due to ever-changing nature of such environments, the identity of users is unknown. However, users must be able ...

The primary characteristic of an Ultra-Large-Scale (ULS) system is ultra-large size on any related dimension. A ULS system is generally considered as a system-of-systems with heterogeneous nodes and autonomous domains. As ...

A Virtual Organization (VO) consists of some real organizations with common interests, which aims to provide inter organizational associations to reach some common goals by sharing their resources with each other. Providing ...

This article presents a survey of authorization models and considers their 'fitness-for-purpose' in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency response, national security, infrastructure protection, supply chain integration and emerging business models based on the concept of a 'virtual organization'. The article argues that present authorization models are inflexible and poorly scalable in such dynamic environments due to their assumption that the future needs of the system can be predicted, which in turn justifies the use of persistent authorization policies. The article outlines the motivation and requirement for a new flexible authorization model that addresses the needs of information sharing. It proposes that a flexible and scalable authorization model must allow an explicit specification of the objectives of the system and access decisions must be made based on a late trade-off analysis between these explicit objectives. A research agenda for the proposed Objective-Based Access Control concept is presented....

Electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still challenging problem. ...

< p>Automatic detection of access control violations in software applications is a challenging problem. Insecure Direct Object Reference (IDOR) is among top-ranked vulnerabilities, which violates access control policies ...