Methods and limitations of security policy reconciliation

Proceedings - IEEE Symposium on Security and Privacy

Volumn 2002-January, Issue , 2002, Pages 73-87

  MDaniel, P ^a   Prakash, A ^b  

^a AT AND T LABS RESEARCH   (United States)

^b UNIVERSITY OF MICHIGAN   (United States)

Author keywords

Privacy; Security

Indexed keywords

COMPUTATIONAL LINGUISTICS; DATA PRIVACY;

DESIGN AND IMPLEMENTATIONS; POLICY LANGUAGE; POLICY MODEL; SECURITY; SECURITY POLICY;

SECURITY SYSTEMS;

EID: 4544277634     PISSN: 10816011     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SECPRI.2002.1004363     Document Type: Conference Paper

References (33)

1. D. Balenson, D. Branstad, P. Dinsmore, M. Heyman, and C. Scace. Cryptographic Context Negotiation Template. Technical Report TISR #07452-2, TIS Labs at Network Associates, Inc., February 1999.
2. Y. Bartal, A. J. Mayer, K. Nissim, and A. Wool. Firmato: A novel firew allmanagement toolkit. In IEEE Symposium on Security and Privacy, pages 17-31, 1999.
3. S. Bellovin. Distributed Firewalls, ;login:, pages 39-47, 1999.
4. M. Blaze, J. Feigenbaum, J. Ioannidis, and A. Keromytis. The Role of Trust Management in Distributed Systems Security. In Secure Internet Programming: Issues in Distributed and Mobile Object Systems, volume 1603, pages 185-210. Springer-Verlag Lecture Notes in Computer Science State-of-the-Art series, 1999. New York, NY.
5. M. Blaze, J. Feigenbaum, and J. Lacy Decentralized Trust Managemeit. In Proceedings of the 1996 IEEE Symposium on Security and Privacy, pages 164-173, November 1996.Los Alamitos.
6. M. Blaze, J. Feignbaum, J. Ioannidis, and A. Keromytis. The KeyNote Trust Management System - Version 2. Internet Engineering Task Force, September 1999. RFC 2704.
7. D. C. Blight and T. Hamada. Policy-Based Networking Architecture for QoS Interw orking in IP Management. In Proceedings of Integrated network management VI, Distributed Management for the Networked Millennium, pages 811-826. IEEE, 1999.
8. D. Branstad and D. Balenson. Policy-Based Cryptographic Key Management: Experience with the KRP Project. In Proceedings of DARPA Information Survivability Conference and Exposition(DISCEX '00), pages 103-114. DARPA, January 2000.
9. L. Cholvy and F. Cuppens. Analyzing Consistancy of Security Policies. In 1997 IEEE Symposium on Security and Privacy, pages 103-112. IEEE, May 1997. Oakland, CA.
10. Y. Chu, J. Feigenbaum,B. LaMacchia, P. Resnick, and M. Strauss. REFEREE: Trust Management for Web Applications. In Proceedings of Financial Cryptography '98, volume 1465, pages 254-274, Anguilla, British West Indies, February 1998.
11. S. Cook. The Complexity of Theorem-Proving Procedures. In Proceedings of 3th Annual ACM Symposium on Theorey of Computing, pages 151-158. ACM, 1971.
12. W. Diffie and M. Hellman. New Directions in Cryptography. IEEE Transactions on Information Theory, IT-22(6):644-654, November 1976.
13. P. Dinsmore, D. Balenson, M. Heyman, P. Kruus, C. Scace, and A. Sherman. Policy-Based Security Management for Large Dynamic Groups: A Overview of the DCCM Project. In Proceedings of DARPA Information Survivability Conference and Exposition (DISCEX '00), pages 64-73. DARPA, January 2000. Hilton Head, S.C.
14. D. Durham, J. Boyle, R. Cohen, S. Herzog, R. Rajan, and A. Sastry. RFC 2748, The COPS (Common Open Policy Service) Protocol. Internet Engineering Task Force, January 2000.
15. M. R. Carey and D. S. Johnson. Computers and Intractibility, A Guide to the Theory of NP-Completeness. W. H. Freeman and Co., New York, NY, first edition, 1979.
16. M. R. Carey, D. S. Johnson, and L. Stockmeyer. Some Simplified NP-Complete Graph Problems. The oetical Computer Science, (1):237-267, 1976.
17. L. Gong and X. Qian. The Complexity and Composability of Secure Interoperation. In Proceedings of the IEEE Symposium on Research in Security and Privacy, pages 190-200, Oakland, California, May 1994. IEEE.
18. R. Greenlaw, H. Hoover, and W. Ruzzo. Limits to Parallel Computation: P-Completeness Theory. Oxford University Press, first edition, 1995.
19. D. Harkins and D. Carrel. The Internet Key Exchange. Internet Engineering Task Force, November 1998. RFC 2409.
20. M. Hiltunen. Configuration Management for Highly-Customizable Software. IEE Proceedings: Software, 145(5):180-188, 1998.
21. R. Housley, W. Ford, W. Polk, and D. Solo. Internet X.509 Public Key Infrastructure Certificate and CRL Profile. Internet Engineering Task Force, January 1999. RFC 1949.
22. S. Jajodia, P. Samarati, and V. Subrahmanian. A Logical Language for Expressing Authorizations. In Proceedings of the 1997 IEEE Symposium on Security and Privacy, pages 31-42, Oakland, CA, March 1997.
23. S. Kent and R. Atkinson. Security Architecture for the Internet Protocol. Internet Engineering Task Force, November 1998. RFC 2401.
24. T. Leighton and S. Micali. Secret-key Agreement without Public-Key Cryptography. In Proceedings of Crypto 93, pages 456-479, August 1994.
25. X. Liu, C. Kreitz, R. van Renesse, J. Hickey, M. Hayden, K. Birman, and R. Constable. Building Reliable High-Performance Communication Systems from Components. In Proceedings of 17th ACM Symposium on Operating Systems Principles (SOSP'99), volume 33, pages 80-92. ACM, 1999.
26. P. McDaniel. Policy Management in Secure Group Communication. PhD thesis, Univeristy of Michigan, Ann Arbor, MI, August 2001.
27. P. McDaniel, A. Prakash, and P. Honeyman. Antigone: A Flexible Framework for Secure Group Communication. In Proceedings of the 8th USENIX Security Symposium, pages 99-114, August 1999.
28. P. McDaniel, A. Prakash, J. Irrer, S. Mittal, and T. Thuang. Flexibly Constructing Secure Groups in Antigone 2.0. In Proceedings of TARPA Information Survivability Conference and Exposition II, pages 55-67. IEEE, June 2001.
29. T. Ryutov and C. Neuman. Representation and Evaluation of Security Policies for Distributed System Services. In Proceedings of DARPA Information Survivability Conference and Exposition, pages 172-183, Hilton Head, South Carolina, January 2000. DARPA.
30. T. J. Schaefer. The Complexity of Satisfiability Problems. In Proceedings of 10th Annual ACM Symposium on Theorey of Computers, pages 216-226. ACM, 1978. New York, New York.
31. T. Woo and S. Lam. Authorization in Distributed Systems; A New Approach. Journal of Computer Security, 2(2-3):107-136, 1993.
32. T. Woo and S. Lam. Designing a Distributed Authorization Service. In Proceedings of INFOCOM '98, San Francisco, March 1998. IEEE.
33. J. Zao, L. Sanchez, M. Condell, C. Lynn, M. Fredette, P. Helinek, P. Krishnan, A. Jackson, D. Mankins, M. Shepard, and S. Kent. Domain Based Internet Security Policy Management. In Proceedings of DARPA Information Survuvability Conference and Exposition, pages 41-53. DARPA, January 2000.