An access control language for web services

Proceedings of ACM Symposium on Access Control Models and Technologies (SACMAT 2002)

Volumn , Issue , 2002, Pages 23-30

  Sirer, Emin Gün ^a   Wang, Ke ^a  

^a Cornell University ^*  (United States)

Author keywords

Access control; Web services

Indexed keywords

CLIENT SERVER COMPUTER SYSTEMS; DATABASE SYSTEMS; HTTP; SECURITY OF DATA; WORLD WIDE WEB;

PLATFORM SPECIFIC ACCESS CONTROL CODE; SECURITY CHECKING CODE; SECURITY POLICY SPECIFICATION; WEBGUARD;

COMPUTER PROGRAMMING LANGUAGES;

EID: 0242540392     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/507711.507715     Document Type: Conference Paper

References (28)

1. L. Badger and D. F. Sterne and D. L. Sherman and K. M. Walker. Practical Domain and Type Enforcement for UNIX. In IEEE Symposium on Security and Privacy, Oakland, California, May 1995, 66-77.
2. J. Barkley, A. Cincotta, D. Ferraiolo, S. Gavrila, and D. R. Kuhn. Role Based Access Control for the World Wide Web. In Proceedings of the 20th National Information System Security Conference, NIST/NSA, 1997.
3. D. Bell and L. LaPadula. Secure Computer System: Unified Exposition and Multics Interpretation. Technical Report MTR-1997, MITRE, Bedford, MA, 1975.
4. E. Bertino, P. A. Bonatti, E. Ferrari. TRBAC: A Temporal Role-based Access Control Model. In Proceedings of the Fifth ACM Workshop on Role-based Access Control. July 2000.
5. K. J. Biba, Integrity Constraints for Secure Computer Systems. Technical Report ESD-TR76-372, USAF Electronic System Division, Bedford, Massachusetts, April 1977.
6. M. Bishop, How to Write a Setuid Program. ;login: The USENIX Association Newsletter, 12(1)5-11, Jan./Feb. 1987.
7. W. E. Boebert and R. Y. Kain, A Practical Alternative to Hierarchical Integrity Policies. In Proceedings of the 8th National Computer Security Conf., Gaithersburg, MD, 1985.
8. S. Bunch. The Setuid Feature in UNIX and Security. In Proceedings of Tenth National Computer Security Conference, September 1987, 245-253.
9. CNet. Microsoft plugs Hotmail security hole. http://news.cnet.com/news/0-1003-200-6941020.html August 2001.
10. E. Damiani, S. De Capitani di Vimercati, S. Paraboschi, P. Samarati. Securing XML Documents. In Proceedings. of the 2000 International Conference on Extending Database Technology, Konstanz, Germany, March 27-31, 2000.
11. E. Damiani, S. De Capitani di Vimercati, S. Paraboschi, P. Samarati, XML Access Control Systems: A Component-Based Approach. In Proceedings of IFIP WG11.3 Working Conf. on Database Security, Schoorl, The Netherlands, August 21-23, 2000.
12. E.W. Dijkstra. Guarded Commands, Nondeterminacy and Formal Derivation of Programs. Communication of the ACM, vol. 18, num. 8, 453-457, Aug 1975.
13. U. Erlingsson and F. B. Schneider. SASI Enforcement of Security Policies: A Retrospective. In Proceedings of the 1999 New Security Paradigms Workshop, Caledon Hills, Sept. 1999.
14. D. Ferraiolo and R. Kuhn. Role-Based Access Control. In Proceedings of the 15th National Computer Security Conference, Baltimore, Maryland, 1992, 554-563.
15. J. Goguen and J. Meseguer. Security Policies and Security Models. In Proceedings of the 1982 IEEE Symp. on Research in Security and Privacy, IEEE Computer Society Press, 1982.
16. G. Graham and P. Denning. Protection: Principles and Practice. In Proceeding of Spring Joint Computer Conf., AFIPS Press, 1972.
17. M. Gray, Web Growth Summary. http://www.mit.edu/people.mkgray/net/ December 1997.
18. S. Jajodia, P. Samarati, and V.S. Subrahmanian. A Logical Language for Expressing Authorizations. In Proceedings of the 1997 IEEE Symposium on Security and Privacy. Oakland, CA, USA: IEEE Press, 1997. 31-42.
19. D. Kristol, L. Montulli. HTTP State Management Mechanism. Request for Comments RFC-2965, Internet Engineering Task Force, October 2000
20. B. Lampson. Protection. In Proceedings of 5th Princeton Symposium on Information Sciences and Systems, March 1971. Reprinted in ACM Operating Systems Review, 8(1) 1974.
21. L. Lamport. The Temporal Logic of Actions. ACM Transactions on Programming Languages and Systems, 16(3), 872-923, 1994.
22. Z. Manna and A. Pnueli. The Temporal Logic of Reactive and Concurrent Systems. Springer-Verlag: Heidelberg, Germany, 1992.
23. OpenACS Documentation. http://www.openacs.org/ December 2001.
24. R. Sandhu, E. J. Coyne, H. L. Feinstein, and C.E. Youman. Role Based Access Control Models. IEEE Computer, 29 (2), Feb. 1996.
25. R. S. Sandhu. Lattice-based Access Control Models. IEEE Computer, 26(11): 9-19, November 1993.
26. F. B. Schneider. Enforceable Security Policies. TR 98-1664, Dept. of Computer Science, Cornell Univ., Ithaca, NY, 1998.
27. D. J. Thomsen and J. T. Haigh. A Comparison of Type Enforcement and Unix Setuid Implementation of Well-formed Transactions. In Proceedings of Sixth Annual Computer Security Applications Conf., Tucson, Arizona, December 1990, 304-312.
28. Whitehat, Inc. Secure Web Programming, http://www.whitehatsec.com/ December 2001.