Towards a framework of authentication and authorization patterns for ensuring availability in service composition

Proceedings - First International Conference on Availability, Reliability and Security, ARES 2006

Volumn 2006, Issue , 2006, Pages 206-215

  Rossebø, Judith E Y ^a   Bræk, Rolv ^b  

^a TELENOR RESEARCH   (Norway)

^b NORWEGIAN UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Norway)

Author keywords

[No Author keywords available]

Indexed keywords

PATTERN RECOGNITION; PRODUCT DESIGN; SECURITY OF DATA; SECURITY SYSTEMS; USER INTERFACES;

AUTHORIZATION PATTERNS; SERVICE COMPOSITION; SERVICE DEVELOPMENT;

COMPUTER NETWORKS;

EID: 33750954905     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2006.135     Document Type: Conference Paper

References (24)

1. W. A. Arbaugh, W. L. Fithen, and J. McHugh. Windows of vulnerability: A case study analysis. IEEE Computer, 33(12):52- 59, 2000.
2. C. Boyd and A. Mathuria. Protocols for Authentication and Key Establishment. Series: Information Security and Cryptography. Springer-Verlag, 2003.
3. F. L. Brown, J. Divietri Jr., G. D. Villegas, and E. D. Fernandez. The authenticates pattern. Proceedings of Pattern Language Programs (PLoP99), August 1999.
4. H. N. Castejón and R. Brask. Dynamic role binding in a service oriented architecture. In Proceedings of the 2005 IFIP International Conference on Intelligence in Communication Systems (INTELLCOMM2005), volume 190. Springer-Verlag, October 2005.
5. B. H. B. Cheng, S. Konrad, L. A. Cambell, and R. Wassermann. Using security patterns to model and analyze security requirements. In Proceedings of the 2nd International Workshop on Requirements for High Assurance Systems, 2003.
6. E. D. Fernandez and R. Warrier. Remote authenticator/authorisor. Presented at the 10th Conference on Pattern Language Programs (PLoP2003), August 2003.
7. D. F. Ferraiolo, D. R. Kuhn, and R. Chandramouli. Role-Based Access Control. Artech House, 2003.
8. J. Franks, P. Hallam-Baker, J. Hosteller, S. Lawrence, P. Leach, A. Luotonen, and L. Stewart. HTTP authentication: Basic and digest access authentication. RFC 2617, June 1999.
9. Z. Fu, F. Wu, H. Huang, K. Loh, F. Gong, I. Baldine, and C. Xu. IPsec/vpn security policy: Correctness, conflict detection, and resolution. In Proceedings of the International Workshop on Policies for Distributed Systems and Networks, pages 39-56. Springer-Verlag, 2001.
10. International Standards Organization. ISO/IEC 9798-4, Information technology - Security techniques - Entity Authentication Part 4: Mechanisms using a cryptographic check function, 1995.
11. International Standards Organization. ISO/IEC 9798-1, Information technology - Security techniques - Entity Authentication Part 1: General, 1997.
12. International Standards Organization. ISO/IEC 9798-3, Information technology - Security techniques - Entity Authentication Part 3: Mechanisms using digital signature techniques, 1998.
13. International Standards Organization. ISO/IEC 15408, Information technology - Security techniques - Evaluation criteria for IT Security, 1999.
14. International Standards Organization. ISO/IEC 9798-2, Information technology - Security techniques - Entity Authentication Part 2: Mechanisms using symmetric encipherment algorithms, 1999.
15. International Standards Organization. ISO/IEC 9798-5, Information technology - Security techniques - Entity Authentication Part 5: Mechanisms using zero knowledge techniques, 1999.
16. A. J. Menezes, O. C. van Oorchot, and S. A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1997.
17. R. M. Needham and M. D. Schroeder. Using encryption for authentication in large networks of computers. In Communications of the ACM, pages 993-999, 1978.
18. Object Management Group. Unified Modeling Language. http://www.omg.org/ uml/.
19. J. E. Y. Rossebø and R. Bræk. Towards a framework of authentication and authorization patterns for ensuring availability in service composition. Research report 332, Department of Informatics, University of Oslo, April 2006.
20. J. E. Y. Rossebø, M. S. Lund, K. E. Husa, and A. Refsdal. A conceptual model for service availability. In Proceedings first Quality of Protection Workshop (QoP 2005). Springer-Verlag. To be published, 2006.
21. R. Sanders, H. N. Castejón, E Kraemer, and R. Bræk. Using UML 2.0 collaborations for compositional service specification. In MoDELS 2005, pages 460-475, 2005.
22. R. T. Sanders, R. Bræk, G. von Bochmann, and D. Amyot. Service discovery and component reuse with semantic interfaces. In 12th SDL Forum (SDL 2005). Springer-Verlag, 2005.
23. B. Schneier and D. W. Mudge. Cryptanalysis of microsoft's point-to-point tunnelling protocol (pptp). In Proceedings of the 5th ACM Conference on Communications and Computer Security, pages 132-141. ACM Press, 1998.
24. J. Yoder and J. Barcalow. Architectural patterns for enabling application security. Presented at the Conference on Pattern Language Programs (PLoP97), August 1997.