It is our great pleasure to welcome you to the ACM Symposium on Access Control Models and Technologies (SACMAT 2019). This year's symposium continues its tradition of being the premier forum for presentation of research results and experience reports on leading edge issues of access control, including models, systems, applications, and theory. The aims of the symposium are to share novel access control solutions that fulfil the needs of heterogeneous applications and environments, and to identify new directions for future research and development. SACMAT provides researchers and practitioners with a unique opportunity to share their perspectives with others interested in the various aspects of access control.
We had 52 submissions from a variety of countries around the world. Submissions were anonymous; each paper has been reviewed by at least three reviewers who are experts in the field. Extensive online discussions took place to make the selections for the symposium. The program committee finally accepted 12 papers as full papers for presentation at the conference. The program contains 6 short papers, poster and demo presentations, and a panel session. This year we are very happy to welcome three well-known keynote speakers:
- Securing Big Data: New Access Control Challenges and Approaches, Murat Kantarcioglu (University of Texas at Dallas, USA)
- Trading SLAs for PhDs: Moving towards streamlined innovation with academia, Kory Fong (RBC, Canada)
- History and Future of Automated Vulnerability Analysis, Adam Doupé (Arizona State University, USA)
Putting together SACMAT 2019 was a team effort. We first thank the authors for providing the content of the program. We are grateful to the program committee, who worked very hard in reviewing papers and providing feedback for authors. Special thanks go to Elisa Bertino (Blue Sky/Vision Chair), Aniket Kate (Panels Chair), Axel Kern (Demonstrations Chair), Murtuza Jadliwala (Poster Chair), James Joshi (Test of Time Award Chair), Dongwan Shin (Webmaster), Hongxin Hu (Proceedings Chair) and Giovanni Livraga (Publicity Chair) for their help in organizing and publicizing the symposium. We also thank the members of the steering committee and especially its chair, Elena Ferrari, for providing valuable advice and support.
Proceeding Downloads
Securing Big Data: New Access Control Challenges and Approaches
Recent cyber attacks have shown that the leakage/stealing of big data may result in enormous monetary loss and damage to organizational reputation, and increased identity theft risks for individuals. Furthermore, in the age of big data, protecting the ...
Access Control for Binary Integrity Protection using Ethereum
The integrity of executable binaries is essential to the security of any device that runs them. At best, a manipulated binary can leave the system in question open to attack, and at worst, it can compromise the entire system by itself. In recent years, ...
CAOS: Concurrent-Access Obfuscated Store
This paper proposes Concurrent-Access Obfuscated Store (CAOS), a construction for remote data storage that provides access-pattern obfuscation in an honest-but-curious adversarial model, while allowing for low bandwidth overhead and client storage. ...
PolTree: A Data Structure for Making Efficient Access Decisions in ABAC
In Attribute-Based Access Control (ABAC), a user is permitted or denied access to an object based on a set of rules (together called an ABAC Policy) specified in terms of the values of attributes of various types of entities, namely, user, object and ...
FriendGuard: A Friend Search Engine with Guaranteed Friend Exposure Degree
With the prevalence of online social networking, a large amount of studies have focused on online users' privacy. Existing work has heavily focused on preventing unauthorized access of one's personal information (e.g. locations, posts and photos). Very ...
Brokering Policies and Execution Monitors for IoT Middleware
Event-based systems lie at the heart of many cloud-based Internet-of-Things (IoT) platforms. This combination of the Broker architectural style and the Publisher-Subscriber design pattern provides a way for smart devices to communicate and coordinate ...
Expat: Expectation-based Policy Analysis and Enforcement for Appified Smart-Home Platforms
This paper focuses on developing a security mechanism geared towards appified smart-home platforms. Such platforms often expose programming interfaces for developing automation apps that mechanize different tasks among smart sensors and actuators (e.g., ...
Owner-Centric Sharing of Physical Resources, Data, and Data-Driven Insights in Digital Ecosystems
We are living in an age in which digitization will connect more and more physical assets with IT systems and where IoT endpoints will generate a wealth of valuable data. Companies, individual users, and organizations alike therefore have the need to ...
IoT Passport: A Blockchain-Based Trust Framework for Collaborative Internet-of-Things
Internet-of-Things (IoT) is a rapidly-growing transformative expansion of the Internet with increasing influence on our daily life. Since the number of "things" is expected to soon surpass human population, control and automation of IoT devices has ...
An OpenRBAC Semantic Model for Access Control in Vehicular Networks
Inter-vehicle communication has the potential to significantly improve driving safety, but also raises security concerns. The fundamental mechanism to govern information sharing behaviors is access control. Since vehicular networks have a highly dynamic ...
Toward Detection of Access Control Models from Source Code via Word Embedding
Advancement in machine learning techniques in recent years has led to deep learning applications on source code. While there is little research available on the subject, the work that has been done shows great potential. We believe deep learning can be ...
On the Difficulty of Using Patient's Physiological Signals in Cryptographic Protocols
With the increasing capabilities of wearable sensors and implantable medical devices, new opportunities arise to diagnose, control and treat several chronic conditions. Unfortunately, these advancements also open new attack vectors, making security an ...
HITC: Data Privacy in Online Social Networks with Fine-Grained Access Control
Online Social Networks (OSNs), such as Facebook and Twitter, are popular platforms that enable users to interact and socialize through their networked devices. The social nature of such applications encourages users to share a great amount of personal ...
Generalized Mining of Relationship-Based Access Control Policies in Evolving Systems
Relationship-based access control (ReBAC) provides a flexible approach to specify policies based on relationships between system entities, which makes them a natural fit for many modern information systems, beyond online social networks. In this paper ...
Enhancing Biometric-Capsule-based Authentication and Facial Recognition via Deep Learning
In recent years, developers have used the proliferation of biometric sensors in smart devices, along with recent advances in deep learning, to implement an array of biometrics-based authentication systems. Though these systems demonstrate remarkable ...
History and Future of Automated Vulnerability Analysis
The software upon which our modern society operates is riddled with security vulnerabilities. These vulnerabilities allow hackers access to our sensitive data and make our system insecure. To identify vulnerabilities in software, human experts, or ...
Towards Effective Verification of Multi-Model Access Control Properties
Many existing software systems like logistics systems or enterprise applications employ data security in a more or less ad hoc fashion. Our approach focuses on access control such as permission-based discretionary access control (DAC), variants of role-...
Efficient and Extensible Policy Mining for Relationship-Based Access Control
Relationship-based access control (ReBAC) is a flexible and expressive framework that allows policies to be expressed in terms of chains of relationship between entities as well as attributes of entities. ReBAC policy mining algorithms have a potential ...
A Rule-based Approach to the Decidability of Safety of ABACα
ABACα is a foundational model for attribute-based access control with a minimal set of capabilities to configure many access control models of interest, including the dominant traditional ones: discretionary (DAC), mandatory (MAC), and role-based (RBAC)...
Bounded and Approximate Strong Satisfiability in Workflows
There has been a considerable amount of interest in recent years in the problem of workflow satisfiability, which asks whether the existence of constraints in a workflow specification makes it impossible to allocate authorized users to each step in the ...
Using Provenance for Secure Data Fusion in Cooperative Systems
In the context of cooperative systems, data coming from multiple, autonomous, heterogeneous information sources, is processed and fused into new pieces of information that can be further processed by other entities participating in the cooperation. ...
Effectively Enforcing Authorization Constraints for Emerging Space-Sensitive Technologies
Recently, applications that deliver customized content to end-users, e.g., digital objects on top of a video stream, depending on information such as their current physical location, usage patterns, personal data, etc., have become extremely popular. ...
CMCAP: Ephemeral Sandboxes for Adaptive Access Control
We present CMCAP (context-mapped capabilities), a decentralized mechanism for specifying and enforcing adaptive access control policies for resource-centric security. Policies in CMCAP express runtime constraints defined as containment domains with ...
Mutual Authorizations: Semantics and Integration Issues
Studies in fields like psychology and sociology have revealed that reciprocity is a powerful determinant of human behavior. None of the existing access control models however captures this reciprocity phenomenon. In this paper, we introduce a new kind ...
CloudProtect - A Cloud-based Software Protection Service
Protecting software from illegal access, intentional modification or reverse engineering is an inherently difficult practical problem involving code obfuscation techniques and real-time cryptographic protection of code. In traditional systems a secure ...
Poster: A Pluggable Authentication Module for Big Data Federation Architecture
This paper intends to propose a trustworthy model for authenticating users and services over a Big Data Federation deployment architecture. The main goal of this model is to provide a Single-Sign-on (SSO) approach for the latest Hadoop 3.x platform. To ...
Verifying OAuth Implementations Through Encrypted Network Analysis
Verifying protocol implementations via application analysis can be cumbersome. Rapid development cycles of both the protocol and applications that use it can hinder up-to-date analysis. A better approach is to use formal models to characterize the ...
Index Terms
- Proceedings of the 24th ACM Symposium on Access Control Models and Technologies
Acceptance Rates
Year | Submitted | Accepted | Rate |
---|---|---|---|
SACMAT '19 | 52 | 12 | 23% |
SACMAT '18 | 50 | 14 | 28% |
SACMAT '17 Abstracts | 50 | 14 | 28% |
SACMAT '16 | 55 | 18 | 33% |
SACMAT '15 | 59 | 17 | 29% |
SACMAT '14 | 58 | 17 | 29% |
SACMAT '13 | 62 | 19 | 31% |
SACMAT '12 | 73 | 19 | 26% |
SACMAT '09 | 75 | 24 | 32% |
SACMAT '03 | 63 | 23 | 37% |
Overall | 597 | 177 | 30% |