Security-by-contract for web services

SWS'07 - Proceedings of the 2007 ACM Workshop on Secure Web Services

Volumn , Issue , 2007, Pages 90-98

  Dragoni, Nicola ^a   Massacci, Fabio ^a  

^a UNIVERSITY OF TRENTO   (Italy)

Author keywords

automated trust negotiation; security by contract; web services

Indexed keywords

AUTOMATED TRUST NEGOTIATION; CLASSICAL APPROACH; NEGOTIATION FRAMEWORK; NEGOTIATION PROTOCOL; NEGOTIATION STRATEGY; PERSONAL ATTRIBUTES; SECURITY-BY-CONTRACT; SERVICE PROVIDER; TRUST NEGOTIATIONS;

ACCESS CONTROL; INTELLIGENT AGENTS; INTERNET PROTOCOLS;

WEB SERVICES;

EID: 50149088324     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1314418.1314433     Document Type: Conference Paper

References (20)

1. C. Altenschmidt, J. Biskup, U. Flegel, and Y. Karabulut. Secure mediation: Requirements, design, and architecture. JCS, 11(3):365-398, 2003.
2. T. Aura and M. Roe. Designing the mobile ipv6 security protocol. Annales des Télécommunications, 61(3-4):332-356, 2006.
3. M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized trust management. In Proc. of IEEE SS&P'96, pages 164-173. IEEE Press, 1996.
4. P. Bonatti and P. Samarati. A unified framework for regulating access and information release on the web. JCS, 10(3):241-272, 2002.
5. D. W. Chadwick and A. Otenko. The PERMIS X.509 role-based privilege management infrastructure. In Proc. of SACMAT'02, pages 135-140. ACM Press, 2002.
6. N. Damianou, N. Dulay, E. Lupu, and M. Sloman. The Ponder policy specification language. In Proc. of POLICY'01, pages 18-38. Springer, 2001.
7. N. Dragoni, F. Massacci, K. Naliuka, and I. Siahaan. Security-by- contract: Toward a semantics for digital signatures on mobile code. In Proc. of EuroPKI'07, pages 297-312. Springer-Verlag, 2007.
8. C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. M. Thomas, and T. Ylonen. SPKI Certificate Theory, September 1999. IETF RFC 2693.
9. R. Heckel and M. Lohmann. Towards contract-based testing of web services. In Proc. of the Int. Workshop on Test and Analysis of Component Based Systems (TACoS 2004), volume 82 of ENTCS. Elsevier Sci., 2004.
10. H. Koshutanski and F. Massacci. An access control framework for business processes for web services. In XMLSEC '03: Proceedings of the 2003 ACM workshop on XML security, pages 15-24. ACM Press, 2003.
11. H. Koshutanski and F. Massacci. A negotiation scheme for access rights establishment in autonomic communication. J. of Net. and Sys. Managment, 15(1):117-136, 2007.
12. J. Li, N. Li, and W. H. Winsborough. Automated trust negotiation using cryptographic credentials. In Proc. of CCS'05, pages 46-57. ACM Press, 2005.
13. L. Lymberopoulos, E. Lupu, and M. Sloman. An adaptive policy based framework for network services management. J. of Net. and Sys. Managment, 11(3):277-303, 2003.
14. M. Mecella, M. Ouzzani, F. Paci, and E. Bertino. Access control enforcement for conversation-based web services. In Proc. of WWW'06, pages 257-266. ACM Press, 2006.
15. T. Sandholm. Distributed rational decision making. In G. Weiss, editor, Multiagent Systems, pages 201-259. The MIT Press, Cambridge, Massachusetts, 1999.
16. K. Seamons and W. Winsborough. Automated trust negotiation. Technical report, US Patent and Trademark Office, 2002. IBM Corporation, patent application filed March 7, 2000.
17. R. Sekar, V. Venkatakrishnan, S. Basu, S. Bhatkar, and D. DuVarney. Model-carrying code: a practical approach for safe execution of untrusted applications. In Proc. of ACM SOSP'03., pages 15-28. ACM Press, 2003.
18. M. Sloman and E. Lupu. Policy specification for programmable networks. In Proce. of the 1st Int. Working Conf. on Active Networks, pages 73-84. Springer, 1999.
19. W. Yao. Trust management for widely distributed systems. PhD thesis, Univ. of Cambridge, Computer Laboratory, 2004. Technical report UCAM-CL-TR-608, ISSN 1476-2986.
20. T. Yu, M. Winslett, and K. E. Seamons. Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation. TISSEC, 6(1):1-42, 2003.