A security policy framework for context-aware and user preferences in e-services

Layth Sliman; Frédérique Biennier; Youakim Badr

doi:10.1016/j.sysarc.2008.12.001

A security policy framework for context-aware and user preferences in e-services

Layth Sliman
, Frédérique Biennier
, Youakim Badr

Engineering Division (Great Valley)

Research output: Contribution to journal › Article › peer-review

15 Scopus citations

Abstract

In today's dynamic and distributed markets a large spectrum of services is delivered through information and communication technologies. Emerging markets of e-services lie at the intersection of non-traditional user behaviour, and cyber-partnerships of enterprises to deliver innovative services. Current approaches to manage and control security demonstrate lacks in terms of security policy matching and integration in heterogeneous e-service environments. In this paper, we introduce a framework to support role-based access control for distributed services focusing on the integration of customer preferences. The framework aims to collect and generate policy-based security measures in cross-organisational scenarios. In addition to catering to specifications of security and business policies, the ability to integrate contextual information and user preferences make the role-based framework flexible and express a variety of access policies that provide a just-in-time permission activation.

Original language	English (US)
Pages (from-to)	275-288
Number of pages	14
Journal	Journal of Systems Architecture
Volume	55
Issue number	4
DOIs	https://doi.org/10.1016/j.sysarc.2008.12.001
State	Published - Apr 2009

All Science Journal Classification (ASJC) codes

Software
Hardware and Architecture

Access to Document

10.1016/j.sysarc.2008.12.001

Cite this

@article{f9a0be3ef07b4d04aa6f599c17826417,

title = "A security policy framework for context-aware and user preferences in e-services",

abstract = "In today's dynamic and distributed markets a large spectrum of services is delivered through information and communication technologies. Emerging markets of e-services lie at the intersection of non-traditional user behaviour, and cyber-partnerships of enterprises to deliver innovative services. Current approaches to manage and control security demonstrate lacks in terms of security policy matching and integration in heterogeneous e-service environments. In this paper, we introduce a framework to support role-based access control for distributed services focusing on the integration of customer preferences. The framework aims to collect and generate policy-based security measures in cross-organisational scenarios. In addition to catering to specifications of security and business policies, the ability to integrate contextual information and user preferences make the role-based framework flexible and express a variety of access policies that provide a just-in-time permission activation.",

author = "Layth Sliman and Fr{\'e}d{\'e}rique Biennier and Youakim Badr",

year = "2009",

month = apr,

doi = "10.1016/j.sysarc.2008.12.001",

language = "English (US)",

volume = "55",

pages = "275--288",

journal = "Journal of Systems Architecture",

issn = "1383-7621",

publisher = "Elsevier B.V.",

number = "4",

}

TY - JOUR

T1 - A security policy framework for context-aware and user preferences in e-services

AU - Sliman, Layth

AU - Biennier, Frédérique

AU - Badr, Youakim

PY - 2009/4

Y1 - 2009/4

N2 - In today's dynamic and distributed markets a large spectrum of services is delivered through information and communication technologies. Emerging markets of e-services lie at the intersection of non-traditional user behaviour, and cyber-partnerships of enterprises to deliver innovative services. Current approaches to manage and control security demonstrate lacks in terms of security policy matching and integration in heterogeneous e-service environments. In this paper, we introduce a framework to support role-based access control for distributed services focusing on the integration of customer preferences. The framework aims to collect and generate policy-based security measures in cross-organisational scenarios. In addition to catering to specifications of security and business policies, the ability to integrate contextual information and user preferences make the role-based framework flexible and express a variety of access policies that provide a just-in-time permission activation.

AB - In today's dynamic and distributed markets a large spectrum of services is delivered through information and communication technologies. Emerging markets of e-services lie at the intersection of non-traditional user behaviour, and cyber-partnerships of enterprises to deliver innovative services. Current approaches to manage and control security demonstrate lacks in terms of security policy matching and integration in heterogeneous e-service environments. In this paper, we introduce a framework to support role-based access control for distributed services focusing on the integration of customer preferences. The framework aims to collect and generate policy-based security measures in cross-organisational scenarios. In addition to catering to specifications of security and business policies, the ability to integrate contextual information and user preferences make the role-based framework flexible and express a variety of access policies that provide a just-in-time permission activation.

UR - https://www.scopus.com/pages/publications/63649103385

UR - https://www.scopus.com/pages/publications/63649103385#tab=citedBy

U2 - 10.1016/j.sysarc.2008.12.001

DO - 10.1016/j.sysarc.2008.12.001

M3 - Article

AN - SCOPUS:63649103385

SN - 1383-7621

VL - 55

SP - 275

EP - 288

JO - Journal of Systems Architecture

JF - Journal of Systems Architecture

IS - 4

ER -

A security policy framework for context-aware and user preferences in e-services

Abstract

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this