IDOT: Black-Box Detection of Access Control Violations in Web Applications

Mohammad Ali Hadavi; Arash Bagherdaei; Simin Ghasemi

Volume 13, Issue 2, July 2021, Pages 117-129

Automatic detection of access control violations in software applications is a challenging problem. Insecure Direct Object Reference (IDOR) is among the top-ranked vulnerabilities, which violates access control policies and cannot yet be detected by automated vulnerability scanners. While such ...

Attribute-based Access Control for Cloud-based Electronic Health Record (EHR) Systems

Maryam Zarezadeh; Maede Ashouri-Talouki; Mohammad Siavashi

Volume 12, Issue 2, July 2020, Pages 129-140

Electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still a challenging problem. Many studies are concerned with security and privacy in EHR systems. Rezaeibagha ...

Enforcing RBAC Policies over Data Stored on Untrusted Server (Extended Version)

N. Soltani; R. Bohlooli; R. Jalili

Volume 10, Issue 2, July 2018, Pages 129-139

One of the security issues in data outsourcing is the enforcement of the data owner’s access control policies. This includes some challenges. The first challenge is preserving confidentiality of data and policies. One of the existing solutions is encrypting data before outsourcing which brings ...

A combination of semantic and attribute-based access control model for virtual organizations

M. Amini; M. Arasteh

Volume 7, Issue 1, January 2015, Pages 27-45

A Virtual Organization (VO) consists of some real organizations with common interests, which aims to provide inter-organizational associations to reach some common goals by sharing their resources with each other. Providing security mechanisms, and especially a suitable access control mechanism, which ...

Access control in ultra-large-scale systems using a data-centric middleware

S. Shokrollahi; F. Shams; J. Esmaeili

Volume 6, Issue 1, January 2014, Pages 3-22

The primary characteristic of an Ultra-Large-Scale (ULS) system is ultra-large size on any related dimension. A ULS system is generally considered as a system-of-systems with heterogeneous nodes and autonomous domains. As the size of a system-of-systems grows, and interoperability demand between ...

A centralized privacy-preserving framework for online social networks

F. Raji; A. Miri; M. Davarpanah Jazi

Volume 6, Issue 1, January 2014, Pages 35-52

There are some critical privacy concerns in the current online social networks (OSNs). Users' information is disclosed to different entities that they were not supposed to access. Furthermore, the notion of friendship is inadequate in OSNs since the degree of social relationships between users dynamically ...

A semantic-aware role-based access control model for pervasive computing environments

A. Javadi; M. Amini

Volume 5, Issue 2, July 2013, Pages 119-140

Access control in open and dynamic Pervasive Computing Environments (PCEs) is a very complex mechanism and encompasses various new requirements. In fact, in such environments, context information should be used in access control decision process; however, it is not applicable to gather all context information ...

Authorization models for secure information sharing: a survey and research agenda

F. Salim; J. Reid; E. Dawson

Volume 2, Issue 2, July 2010, Pages 69-87

This article presents a survey of authorization models and considers their 'fitness-for-purpose' in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency ...

A context-sensitive dynamic role-based access control model for pervasive computing environments

S. Sadat Emami; S. Zokaei

Volume 2, Issue 1, January 2010, Pages 47-66

Resources and services are accessible in pervasive computing environments from anywhere and at any time. Also, due to the ever-changing nature of such environments, the identity of users is unknown. However, users must be able to access the required resources based on their contexts. These and other similar ...