On context in authorization policy

Proceedings of ACM Symposium on Access Control Models and Technologies (SACMAT 2002)

Volumn , Issue , 2003, Pages 80-89

  McDaniel, Patrick ^a  

^a AT AND T LABS RESEARCH   (United States)

Author keywords

Authorization; Context; Distributed systems; Policy; Policy oriented programming; Security requirements

Indexed keywords

ALGORITHMS; COMPUTER PROGRAMMING; DISTRIBUTED COMPUTER SYSTEMS; INFORMATION MANAGEMENT; SEMANTICS; USER INTERFACES; XML;

ANTIGONE CONDITION FRAMEWORK; AUTHORIZATION POLICY; CONTEXT; POLICY-ORIENTED PROGRAMMING;

SECURITY OF DATA;

EID: 0242456739     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/775418.775422     Document Type: Conference Paper

References (30)

1. Jean Bacon, Ken Moody, and Walt Yao. A Model of OASIS Role-Based Access Control and its Support for Active Security. ACM Transactions on Information and System Security, 5(4):492-540, November 2002.
2. D. Bell and L. LaPadula. Secure Computer Systems: Mathematical Foundations and Model. Technical Report M74-244, MITRE Corperation, Bedford, MA, 1973.
3. Nina T. Bhatti, Matti A. Hiltunen, Richard D. Schlichting, and Wanda Chiu. Coyote: A System for Constructing Fine-Grain Configurable Communication Services. ACM Transactions on Computer Systems, 16(4):321-366, November 1998.
4. A. D. Birrell and B. J. Nelson. Implementing Remote Procedure Calls. In Proceedings of the ACM Symposium on Operating System Principles, page 3. Association for Computing Machinery, 1983.
5. M. Blaze, J. Feigenbaum, John Ioannidis, and A. Keromytis. The Role of Trust Management in Distributed Systems Security. In Secure Internet Programming: Issues in Distributed and Mobile Object Systems, volume 1603, pages 185-210. Springer-Verlag Lecture Notes in Computer Science State-of-the-Art series, 1999. New York, NY.
6. M. Blaze, J. Feigenbaum, and Jack Lacy. Decentralized Trust Management. In Proceedings of the 1996 IEEE Symposium on Security and Privacy, pages 164-173, November 1996. Los Alamitos.
7. M. Blaze, J. Feigbaum, J. Ioannidis, and K. Keromytis. The KeyNote Trust Management System - Version 2. Internet Engineering Task Force, September 1999. RFC 2704.
8. Matt Blaze, John Ionnidis, and Angelos D. Keromytis. Trust management for IPsec. Information and System Security, 5(2):95-118, 2002.
9. D. Box, D. Ehnebuske, G. Kakivaya, A. Layman, N. Mendelsohn, H. Frystyk Nielsen, S. Thatte, and D. Winer. Simple Object Access Protocol (SOAP) 1.2, June 2002. http://www.w3.org/TR/soap12-part1/.
10. Fabian Breg, Shridhar Diwan, Juan Villacis, Jayashree Balasubramanian, Esra Akman, and Dennis Gannon. Java RMI performance and object model interoperability: Experiments with Java/HPC++. Concurrency: Practice and Experience, 10(11-13):941-955, 1998.
11. R. Hayton, J. Bacon, and K. Moody. OASIS: Access Control in an Open, Distributed Environment. In Proceedings of 1998 IEEE Symposium on Security and Privacy. IEEE, May 1998. Oakland, California.
12. John Ioannidis. Personal communication, December 2002.
13. Gregor Kiczales, John Lamping, Anurag Menhdhekar, Chris Maeda, Cristina Lopes, Jean-Marc Loingtier, and John Irwin. Aspect-oriented programming. In Proceedings European Conference on Object-Oriented Programming, volume 1241, pages 220-242. Springer-Verlag, Berlin, Heidelberg, and New York, 1997.
14. P. McDaniel. Management in Secure Group Communication. PhD thesis, University of Michigan, Ann Arbor, MI, August 2001.
15. P. McDaniel and A. Prakash. Antigone Secure Group Communication System. NASA Tech Briefs, 2001. (to appear).
16. P. McDaniel and A. Prakash. Methods and Limitations of Security Policy Reconciliation. In 2002 IEEE Symposium on Security and Privacy, pages 73-87. IEEE, MAY 2002. Oakland, California.
17. P. McDaniel, A. Prakash, and P. Honeyman. Antigone: A Flexible Framework for Secure Group Communication. In Proceedings of the 8th USENIX Security Symposium, 99-114, August 1999.
18. P. McDaniel, A. Prakash, J. Irrer, S. Mittal, and T. Thuang. Flexibly Constructing Secure Groups in Antigone 2.0. In Proceedings of DARPA Information Survivability Conference and Exposition II, pages 55-67. IEEE, June 2001.
19. B. Moore, E. Elleson, J. Strassner, and A. Westerinen. Policy Core Information Model - Version 1 Specification. Internet Engineering Task Force, February 2001. RFC 3060.
20. Unix Man Page. dlopen man page. Linux Programmers Manual, Section 3.
21. G. Patz, M. Condell, R. Krishnan, and L. Sanchez. Multidimensional Security Policy Management for Dynamic Coalitions. In Proceedings of Network and Distributed Systems Security 2001. Internet Society, February 2001. San Diego, CA, (to appear).
22. R. Ryutov and C. Neuman. Representation and Evaluation of Security Policies for Distributed System Services. In Proceedings of DARPA Information Survivability Conference and Exposition, pages 172-183, Hilton Head, South Carolina, January 2000. DARPA.
23. Ravi S. Sandhu. Lattice-based access control models. IEEE Computer, 26(11):9-19, 1993.
24. Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, and Charles E. Youman. Role-Based Access Control Models. IEEE Computer, 29(2):38-48, 1996.
25. Ravi S. Sandhu and Pierrangela Samarati. Access Control: Principles and Practice. IEEE Communications Magazine, 32(9):40-48, 1994.
26. Mary Thompson, William Johnston, Srilekha Mudumbai, Gary Hoo, Keith Jackson, and Abdelilah Essiari. Certificate-based Access Control for Widely Distributed Resources. In Proceedings of the 8th USENIX Security Symposium, pages 215-228, August 1999.
27. Steve Vinoski. CORBA: Integrating Diverse Applications Within Distributed Heterogeneous Environments. IEEE Communications Magazine, 14(2), February 1994.
28. A. Westerinen, J. Schnizlein, J. Strassner, Mark Scherling, Bob Quinn, Jay Perry, Shai Herzog, An-Ni Huynh, Mark Carlson, and Steve Waldbusser. Policy Terminology (Draft). Internet Engineering Task Force, march 2001.
29. W. Yeong, T. Howes, and S. Kille. Lightweight Directory Access Protocol. Internet Engineering Task Force, March 1995. RFC 1777.
30. J. Zao, L. Sanchez, M. Condell, C. Lyn, M. Fredette, P. Helinek, P. Krishnan, A. Jackson, D. Mankins, M. Shepard, and S. Kent. Domain Based Internet Security Policy Management. In Proceedings of DARPA Information Survuvability Conference and Exposition, pages 41-53, Hilton Head, South Carolina, January 2000. DARPA.