Security policy reconciliation in distributed computing environments

Proceedings - Fifth IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY 2004

Volumn , Issue , 2004, Pages 137-146

  Wang, Hao ^a   Jha, Somesh ^a   Livny, Miron ^a   McDaniel, Patrick D ^b  

^a University of Wisconsin Madison   (United States)

^b AT AND T LABS RESEARCH   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ALGORITHMS; CRYPTOGRAPHY; GRAPHIC METHODS; NETWORK PROTOCOLS; RESOURCE ALLOCATION; SECURITY OF DATA;

DISTRIBUTED COMPUTING; POLICY RECONCILIATION ENGINES (PRE); RECONCILIATION ALGORITHMS; SECURITY PROBLEMS;

DISTRIBUTED COMPUTER SYSTEMS;

EID: 11244319622     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1016/j.aquaculture.2004.09.014     Document Type: Conference Paper

References (33)

1. D. Balenson, D. Branstad, P. Dinsmore, M. Heyman, and C. Scace. Cryptographic Context Negotiation Protocol. Technical report, Network Associates, Inc., 1999.
2. D. Balenson, D. Branstad, D. McGrew, J. Turner, and M. Heyman. Cryptographic Context Negotiation Template. Technical report, Network Associates, Inc., 1999.
3. Y. Bartal, A. J. Mayer, K. Nissim, and A. Wool. Firmato: A novel firewall management toolkit. In IEEE Symposium on Security and Privacy, pages 17-31, 1999.
4. D. Bell and L. LaPadula. Secure Computer Systems: Mathematical Foundations and Model. Technical Report M74-244, MITRE Corporation, Bedford, MA, 1973.
5. M. Blaze, J. Feigenbaum, and A. Keromytis. KeyNote: Trust management for public-key infrastructures. Lec. Notes in Comp. Sci., 1550:59-63, 1999.
6. M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized Trust Management. In Proceedings of the 1996 IEEE Symposium on Security and Privacy, pages 164-173, November 1996. Los Alamitos.
7. M. Blaze, J. Ioannidis, and A. D. Keromytis. Trust management for IPsec. Information and System Security, 5(2):95-118, 2002.
8. L. Cholvy and F. Cuppens. Analyzing Consistency of Security Policies. In 1997 IEEE Symposium on Security and Privacy, pages 103-112. IEEE, May 1997. Oakland, CA.
9. Condor. http://www.cs.wisc.edu/condor/.
10. J. DeTreville. Binder, a logic-based security language. In Symp. on Res. in Sec. and Privacy, Oakland, CA, May 2002. IEEE Computer Society Press.
11. P. Dinsmore, D. Balenson, M. Heyman, P. Kruus, C. Scace, and A. Sherman. Policy-Based Security Management for Large Dynamic Groups: An Overview of the DCCM Project. In DARPA Information Survivability Conference and Exposition, pages 64-73, 2000.
12. C. Ellison. SPKI requirements. RFC 2692, Sept. 1999.
13. C. Ellison, B. Frantz, B. Lampson, R. L. Rivest, B. Thomas, and T. Ylonen. SPKI certificate theory. RFC 2693, Sept. 1999.
14. Z. Fu and S. F. Wu. Automatic Generation of IPSec/VPN Security Policies In an Intra-Domain Environment. In Proceedings of the 12th International Workshop on Distributed System Operation & Management (DSOM 2001), pages 279-290, October 2001.
15. L. Gong and X. Qian. The Complexity and Composability of Secure Interoperation. In Proceedings of the IEEE Symposium on Research in Security and Privacy, pages 190-200, Oakland, California, May 1994. IEEE.
16. D. Harkins and D. Carrel. The Internet Key Exchange (IKE). http://www.ietf.org/rfc/rfc2409.txt, 1998.
17. J. Hoagland, R. Pandey, and K. Levitt. Security Policy Specification Using a Graphical Approach. Technical Report CSE-98-3, The University of California, Davis Department of Computer Science, June 1998.
18. T. Jim. SD3: A trust management system with certified evaluation. In Proceedings of the 2001 IEEE Symposium on Security and Privacy, May 2001.
19. S. Kent and R. Atkinson. Security Architecture for the Internet Protocol. http://www.ietf.org/rfc/rfc2401.txt, 1998.
20. M. Koch, L. V. Mancini, and F. Parisi-Presicce. A Graph-Based Formalism for RBAC. Transactions on Information and System Security (TISSEC), 5(3):332 - 365, 2002.
21. M. Litzkow, M. Livny, and M. Mutka. Condor - A Hunter of Idle Workstations. In Proceedings of the 8th International Conference of Distributed Computing Systems (ICDCS), pages 104-111, 1988.
22. P. McDaniel. Policy Management in Secure Group Communication. PhD thesis, University of Michigan, Ann Arbor, MI, August 2001.
23. P. McDaniel and A. Prakash. Methods and limitations of security policy reconciliation. In 2002 IEEE Symposium on Security and Privacy, pages 73-87, May 2002.
24. P. McDaniel, A. Prakash, and P. Honeyman. Antigone: A Flexible Framework for Secure Group Communication. In Proceedings of the 8th USENIX Security Symposium, pages 99-114, August 1999.
25. M. Nyanchama and S. Osborn. The Role Graph Model and Conflict of Interest. Transactions on Information and System Security (TISSEC), 2(1):3 - 33, 1999.
26. L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke. A Community Authorization Service for Group Collaboration. In Proceedings of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, 2001.
27. T. F. Project. Linux FreeS/WAN. http://www.freeswan.org/.
28. R. Raman, M. Livny, and M. Solomon. Matchmaking: Distributed Resource Management for High Throughput Computing. In Proceedings of the Seventh IEEE International Symposium on High Performance Distributed Computing (HPDC), 1998.
29. R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman. Role-Based Access Control Models. IEEE Computer, 29(2):38-41, 1996.
30. R. S. Sandhu and P. Samarati. Access Control: Principles and Practice. IEEE Communications Magazine, 32(9):40-48, 1994.
31. H. Wang, S. Jha, P. McDaniel, and M. Livny. Security Policy Reconciliation in Deistributed Computing Environments. Technical Report 1499, University of Wisconsin-Madison, March 2004.
32. Y. Yang, Z. Fu, and S. F. Wu. BANDS: An Inter-domain Internet Security Policy Management System for IPSec/VPN. In Integrated Network Management, volume 246 of IFIP Conference Proceedings, pages 231-244. Kluwer, 2003.
33. J. Zao, L. Sanchez, M. Condell, C. Lynn, M. Fredette, P. Helinek, P. Krishnan, A. Jackson, D. Mankins, M. Shepard, and S. Kent. Domain Based Internet Security Policy Management. In DARPA Information Survivability Conference and Exposition, pages 41-53, 2000.