Trust-based secure information sharing between federal government agencies

Journal of the American Society for Information Science and Technology

Volumn 56, Issue 3, 2005, Pages 283-298

  Liu, Peng ^a   Chetal, Amit ^a  

^a PENNSYLVANIA STATE UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

E-AUTHENTICATION; FEDERAL GOVERNMENT AGENCIES; INFORMATION SHARING; WEB SERVICES;

COMPUTER ARCHITECTURE; INFORMATION MANAGEMENT; MATHEMATICAL MODELS; NETWORK PROTOCOLS; SOFTWARE AGENTS; WORLD WIDE WEB; XML;

SECURITY OF DATA;

EID: 13844255241     PISSN: 15322882     EISSN: None     Source Type: Journal    
DOI: 10.1002/asi.20117     Document Type: Article

References (52)

1. Agrawal, R., Evfimievski, A., & Srikant, R. (2003). Information sharing across private databases. In A. Y. Halevy, Z. G. Ives, & A. Doan (Eds.), Proceedings of the ACM SIGMOD Data 2003 (pp. 86-97). New York: ACM.
2. Ahn, G., Chu, B., & Zhang, L. (2001). A role-based framework for health-care information systems. In R. Sandhu & T. Jaeger (Eds.), Proceedings of the ACM Symposium on Access Control Models and Technologies (pp. 153-162). New York: ACM.
3. Ajmani, S., Morris R., & Liskov, B. (2001). A trusted third-party computation service (Technical report MIT-LCS-TR-847). Cambridge, MA: MIT.
4. Akella, Y, Bilello, M., Dawson, S., De Capitani di Vimercati, S., Samarati, P., Lincoln, P., et al. (2000, January). Secure access wrapper: Mediating security between heterogeneous databases. Paper presented at the DARPA Information Survivability Conference and Exposition, Hilton Head, SC.
5. Asokan, N., & Shoup, V. (1998). Asynchronous protocols for optimistic fair exchange. In Proceedings of the IEEE Symposium on Research in Security and Privacy (pp. 86-99). Piscataway, NJ: IEEE.
6. April, C.A., & Fonseca, B. (2002). Monumental mission. InfoWorld. Retrieved July 27, 2003, from http://www.infoworld.com/article/02/09/06/ 020909ctgovt_l.html
7. Bao, F., Deng, R.H., & Mao, W. (1998). Efficient and practical fair exchange protocols with off-line TTP. In Proceedings of the IEEE Symposium on Research in Security and Privacy (pp. 86-99). Piscataway, NJ: IEEE.
8. Ben-Or, M., Goldreich, O., Micali, S., & Rivest, R.L. (1990). A fair protocol for signing contracts. IEEE Transactions on Information Theory, 36(1), 40-46.
9. Birbeck, M., Diamond, J., Duckett, J., Gudmundsson, O.G., Kobak, P., Lenz, E., et al. (2001). Professional XML (2nd ed.). Birmingham, UK: Wrox Press.
10. Blaze, M., Feigenbaum, J., Ioannidis, J., & Keromytis, A.D. (1996). Decentralized trust management. In the Proceedings of the 1996 IEEE Symposium on Security and Privacy (pp. 164-173). Piscataway, NJ: IEEE.
11. Blaze, M., Feigenbaum, J., Ioannidis, J., & Keromytis, A.D. (1999). The keynote trust-management system, version 2, Internet Engineering Task Force (IETF) Request for Comments (RFC) 2704. Retreived from http://www.faqs.org/rfcs/ rfc2704.html
12. Cameron, D. (1998). E-commerce security strategies: Protecting the enterprise. Charleston, SC: Computer Technology Research Group.
13. Champion, M.E. (2002). Web services architecture: W3C Working Draft, W3C. Retrieved July 27, 2003, from http://www.w3.org/TR/2002/WD-ws-arch-20021114
14. Chu, Y., Feigenbaum, J., LaMacchia, B., Resnick, P., & Strauss, M. (1997). REFEREE: Trust management for web applications. World Wide Web Journal, 2, 706-734.
15. Clarke, D., Elien, J., Ellison, C., Fredette, M., Morcos, A., & Rivest, R.L. (2001). Certificate chain discovery in SPKI/SDSI. Journal of Computer Security, 9(4), 285-322.
16. Cox, B., Sirbu, M., & Tygar, D. (1995, July). NetBill security and transaction protocol. Paper presented at the First USENIX Workshop on Electronic Commerce, New York.
17. Coyne, E.J., Feinstein, H.L., Sandhu, R., & Youman, C.E. (1996). Role-based access control models. IEEE Computer, 29(2), 38-47.
18. Damiani, E., Paraboschi, S., & Vimercati, S. (2002). A reputation-based approach for choosing reliable resources in peer-to-peer networks. In the Proceedings of the ACM Conference on Computer and Communications Security (pp. 207-216). New York: ACM.
19. Deng, R.H., Gong, L., Lazer, A.A., & Wang, W. (1996). Practical protocols for certified electronic mail. Journal of Network and System Management, 4(3), 279-297.
20. Donovan, J. (2002). U.S.: Congress probes FBI And CIA intelligence failures. RadioFreeEurope. Retrieved July 27, 2003, from http://ww.rferl.org/ nca/features/2002/06/05062002152908.asp
21. Ewald, T. (2002). The web services idea. Microsoft Corporation. Retrieved July 27, 2003, from http://msdn.microsoft.com/webservices/understanding/readme/ default.aspx
22. Federal CIO Council. (2002). E-gov enterprise architecture guidance (common reference model). FEA Working Group. Retrieved July 17, 2003, from http://www.cio.gov/documents/E-Gov_Guidance_July_25_Final_Draft_2_Oa.pdf
23. Federal Enterprise Architecture Program Management Office. (2002a). The business reference model version 1.0: A foundation for government wide improvement. Federal Architecture Program Management Office. Retrieved from http://www.feapmo.gov/resources/fea_brm_release_document_rev_l.pdf
24. Federal Enterprise Architecture Program Management Office. (2002b). The business reference model version 1.0: Agency Briefing. Federal Architecture Program Management Office. Retrieved July 27, 2003, from http://www.feapmo.gov/ fea_downloads.htm
25. Federal Enterprise Architecture Program Management Office. (2002c). Draft business reference model common response document. Federal Architecture Program Management Office. Retrieved July 27, 2003, from http://www.feapmo.gov/ fea_downloads.htm
26. Federal Enterprise Architecture Program Management Office. (2002d). Solution architects working group: Overview of missions and objectives. Federal Architecture Program Management Office. Retrieved July 27, 2003, from http://xml.gov/presentations/sawg/overview.ppt
27. Federal Enterprise Architecture Program Management Office. (2002e). Twenty four presidential priority e-govt initiatives. Federal Architecture Program Management Office. Retrieved July 27, 2003, from http://www.feapmo.gov/ fea.htm
28. Franklin, M.K., & Reiter, M.K. (1997). Fair exchange with a semi-trusted third party. In R. Graveman, P. Janson, C. Neumann, & L. Gong (Eds.), the Proceedings of the 4th ACM Conference on Computer and Communications Security (pp. 1-7). New York: ACM.
29. French, M. (2003). CIA, FBI wrangle over threat center. Federal Computer Week. Retrieved July 27, 2003, from http://www.fcw.com/fcw/articles/2003/0421/ web-ciafbi-04-23-03.asp
30. Gasser, M., & McDermott, E. (1990). An architecture for practical delegation in a distributed system. In the Proceedings of the IEEE Symposium on Research in Security and Privacy. Piscataway, NJ: IEEE.
31. Goldreich, O. (2001). Secure multi-party computation. Working draft, version 1.3. Retrieved from http://www.wisdom.weizmann.ac.il/~Oded/
32. Gollmann, D., & Zhou, J. (1996). A Fair Non-Repudiation Protocol. In the Proceedings of the IEEE Symposium on Research in Security and Privacy (pp. 55-61). Piscataway, NJ: IEEE.
33. Grosof, B.N., Feigenbaum, J., & Li, N. (2003). Delegation logic: A logic-based approach to distributed authorization. Proceedings of ACM Transactions on Information and Systems Security, 6(1), 128-171.
34. Halles, S., & Rahman, A. (1997). A Distributed Trust Model. In T. Haigh & B. Blakely (Eds.), the Proceedings of New Security Paradigm Workshop, ACM. New York: ACM.
35. Hess, A., Jacobson, J., Jarvis, R., Seamons, K.E., Smith, B., Yu, L. Yu, T., & Winslett, M. (2002). Negotiating trust on the web. IEEE Internet Computing 6(6), 30-37.
36. Hoque, F. (2000). e-Enterprise: Business models, architecture, and components. New York: Cambridge University Press.
37. Jarrell, D. (2002) The value of information sharing. Federal Computer Incident Response Center. Retrieved July 27, 2003, from http://www.fed-circ.gov
38. Jefferies, N., Mitchell, C., & Walker, M. (1995). A proposed architecture for trusted third party services. In E. Dawson & J. O. Golie (Eds.), Cryptography Policy and Algorithms Conference. Springer LNCS (Vol. 1029, pp. 98-104). Heidelberg, Germany: Springer.
39. Josang, A. (1996). The right type of trust for distributed systems. In T. Haigh, B. Blakey, M. E. Zurbo, & C. Meadows (Eds.), the Proceedings of New Security Paradigm Workshop, ACM. New York: ACM.
40. Josang, A. (1999). An algebra for assessing trust in certification chains. In S. Kent & G. Tsudik (Eds.), The Proceedings of Network and Distributed Systems Security Symposium. Reston, VA: The Internet Society.
41. Liu, L., & Xiong, L. (2003). A reputation-based trust model for peer-to-peer e-commerce communities. In the Proceedings of 4th ACM Conference on Electronic Commerce (pp. 228-229). New York: ACM.
42. Naor, M., & Nissim, K. (2001). Communication preserving protocols for secure function evaluation. In The Proceedings of the ACM Symposium on Theory of Computing (pp. 590-599). New York: ACM.
43. Naor, M., Pinkas, B., & Summer, R. (1999). Privacy preserving auctions and mechanism design. In The Proceedings of the 1st ACM Conference on Electronic Commerce (pp. 129-139). New York: ACM.
44. Open Resource Group. (1999). Technical reference model in detail. The Open Group. Retrieved July 27, 2003, from http://www.opengroup.org/architecture/ togaf7/presents/togaf_ovu.pdf
45. Osborn, S.L. (2002). Integrating role graphs: A tool for security integration. Data and Knowledge Engineering, 43(3), 317-333.
46. Seamons, K.E., Winslett, M., & Yu, T. (2001, February). Limiting the disclosure of access control policies during automated trust negotiation. Paper presented at the Network and Distributed System Security Symposium, San Diego, CA.
47. Skonnard, A. (2002). Understanding XML namespaces. DevelopMentor. Retrieved July 27, 2003, from http://msdn.microsoft.com/msdnmag/issues/01/07/ xml/default.aspx
48. Tygar, J.D. (1998, August). Atomicity versus anonymity: Distributed transactions for electronic commerce. Paper presented at the 24th VLDB Conference, New York.
49. Utanoff, L. (2002). An insider's look at homeland security and technology. PC Magazine. Retrieved July 27, 2003, from http://www.pcmag.com/ articled0,4149,652467,00.asp
50. Wolter, R. (2001). XML web services basics. Microsoft Corporation. Retrieved July 27, 2003, from http://msdn.microsoft.com/library/default.asp?url= /library/enus/dnwebsrv/html/webservbasics.asp
51. Yao, A.C. (1986, October). How to generate and exchange secrets. Paper presented at the 27th Annual Symposium on Foundations of Computer Science, Toronto, Canada.
52. York, S. (1997). Battling the cyberthreat. Wabash Magazine. Retrieved July 27, 2003, from http://www.wabash.edu/magazine/1997/fall/features/ face_of_conflict/cyber_threat.htm