X-FEDERATE: A policy engineering framework for federated access management

IEEE Transactions on Software Engineering

Volumn 32, Issue 5, 2006, Pages 330-345

  Bhatti, Rafae ^a,b   Bertino, Elisa ^a,b   Ghafoor, Arif ^a,b  

^a IEEE   (United States)

^b PURDUE UNIVERSITY   (United States)

Author keywords

Federated systems; Role based access control; Security management; Software engineering

Indexed keywords

FEDERATED SYSTEMS; ROLE-BASED ACCESS CONTROL; SECURITY MANAGEMENT;

ACCESS CONTROL; DIGITAL LIBRARIES; INFORMATION MANAGEMENT; SECURITY OF DATA; SOFTWARE DESIGN; XML;

SOFTWARE ENGINEERING;

EID: 33947157642     PISSN: 00985589     EISSN: None     Source Type: Journal    
DOI: 10.1109/TSE.2006.49     Document Type: Article

References (33)

1. R. Bhatti, J.B.D. Joshi, E. Bertino, and A. Ghafoor, "X-GTRBAC: An XML-Based Policy Specification Framework and Architecture for Enterprise-Wide Access Control," ACM Trans. Information and System Security (TISSEC), vol. 8, no. 2, 2005.
2. R. Bhatti, J.B.D. Joshi, E. Bertino, and A. Ghafoor, "X GTRBAC Admin: A Decentralized Administration Model for Enterprise Wide Access Control," Proc. Ninth ACM Symp. Access Control Models and Technologies, June 2004.
3. M. Blaze, J. Feigenbaum, and A.D. Keromytis, "KeyNote: Trust Management for Public-Key Infrastructures," Proc. Security Protocols Int'l Workshop, pp. 59-63, 1998.
4. D. Carlson, Modeling XML Applications with UML: Practical e-Business Applications. Addison-Wesley, 2001.
5. D.D. Clark and D.R. Wilson, "A Comparison of Commercial and Military Computer Security Policies," Proc. IEEE Symp. Security and Privacy, pp. 184-194, Apr. 1987.
6. D.W. Chadwick and A. Otenko, "The PERMIS X.509 Role Based Privilege Management Infrastructure," Proc. Seventh ACM Symp. Access Control Models and Technologies, 2002
7. N. Damianou, N. Dulay, E. Lupu, and M Sloman, "The Ponder Specification Language," Proc. Workshop Policies for Distributed Systems and Networks (Policy2001), Jan. 2001.
8. C.M. Ellison, "SPKI Requirements," RFC 2692, Internet Eng. Task Force Draft IETF, Sept. 1999, http://www.ietf.org/rfc/rfc2692.txt.
9. T. Fink, M. Koch, and K. Pauls, "An MDA Approach to Access Control Specifications Using MOF and Profiles," Proc. First Int'l Workshop Views on Designing Complex Architectures (VODCA), 2004.
10. A. Herzberg, Y. Mass, J. Mihaeli, D. Naor, and Y. Ravid, "Access Control Meets Public Key Infrastructure, or: Assigning Roles to Strangers," Proc. 2000 IEEE Symp. Security and Privacy, pp. 2-14, 2000.
11. J.B.D. Joshi, R. Bhatti, E. Bertino, and A. Ghafoor, "An Access Control Language for Multi-Domain Environments," IEEE Internet Computing, vol. 8, no. 6, pp. 40-50, Nov./Dec. 2004.
12. J.B.D. Joshi, E. Bertino, U. Latif, and A. Ghafoor, "Generalized Temporal Role Based Access Control Model (GTRBAC)," IEEE Trans. Knowledge and Data Eng., vol. 17, no. 1, Jan. 2005.
13. J. Jürjens, "UMLsec: Extending UML for Secure Systems Development," Proc. Fifth Int'l Conf. Unified Modeling Language, pp. 412-425, 2002.
14. S. Kent and R. Atkinson, "Security Architecture for the Internet Protocol," RFC 2401, Internet Eng. Task Force Draft IETF, Nov. 1998, http://www.ietf.org/rfc/rfc2401.txt.
15. A. Keromytis, S. Ioannidis, M. Greenwald, and J. Smith, "The STRONGMAN Architecture," Proc. Third DARPA Information Survivability Conf. and Exposition (DISCEX III), Apr. 2003.
16. N. Li, J.C. Mitchell, and W.H. Winsborough, "Design of a Role-Based Trust Management Framework," Proc. 2002 IEEE Symp. Security and Privacy, May 2002.
17. T. Lodderstedt, D.A. Basin, and J. Doser, "SecureUML: A UMLbased Modeling Language for Model-Driven Security," Proc. Fifth Int'l Conf. Unified Modeling Language, pp. 426-441, 2002.
18. E. Lupu and M. Sloman, "Conflicts in Policy-Based Distributed Systems Management," IEEE Trans. Software Eng., vol. 25, no. 6, Nov./Dec. 1999.
19. L. Lymberopoulos, E. Lupu, and M. Sloman, "An Adaptive Policy Based Management Framework for Network Services Management," J. Networks and Systems Management, special issue on policy based management of networks and services, vol. 11, no. 3, Sept. 2003.
20. R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman, "Role-Based Access Control Models," Computer, vol. 29, no. 2, pp. 38-47, 1996.
21. D. Seamon, "A Case for Federated Digital Library," http://www.educause.edu/ir/library/pdf/erm0348.pdf, 2003.
22. M. Thompson, A. Essiari, and S. Mudumbai, "Certificate-Based Authorization Policy in a PKI Environment," ACM Trans. Information and System Security, (TISSEC), vol. 6, no. 4, pp. 566-588, Nov. 2003.
23. A. Tsiolakis, "Consistency Analysis of UML Class and Sequence Diagrams Based on Attributed Typed Graphs and Their Transformation," Technical Report No. 2000/3, Technische Universität Berlin, Mar. 2000.
24. T. Verdickt, B. Dhoedt, F. Gielen, and P. Demeester, "Automatic Inclusion of Middleware Performance Attributes into Architectural UML Software Models," IEEE Trans. Software Eng., vol. 31, no. 8, Aug. 2005.
25. S.D.C. di Vimercati and P. Samarati, "Access Control in Federated Systems," Proc. ACM New Security Paradigm Workshop, pp. 87-99, 1996.
26. Department of Defense Directive No. 8320.2, Dec. 2004, http://www.fas.org/irp/doddir/dod/d8320_2.pdf.
27. DMTF Common Information Model, http://www.dmtf.org/standards/cim/, 2005
28. OASIS SAML, http://xml.coverpages.org/saml.html, 2004.
29. OASIS XACML, http://www.oasis-open.org/committees/tc_home.php?wg_abbrev= xacml, 2005.
30. Web Services Roadmap, http://www-128.ibm.com/developerworks/library/ specification/ws-secmap/, 2002.
31. Shibboleth, http://shibboleth.internet2.edu/docs/draft-mace-shibboleth- arch-protocols-latest.pdf, 2001.
32. Liberty Alliance, http://www.projectliberty.org/resources/specifications. php, 2005.
33. Resource Access Decision (RAD), Version 1,0, Object Management Group, 2001.