A technical architecture for enforcing usage control requirements in service-oriented architectures

SWS'07 - Proceedings of the 2007 ACM Workshop on Secure Web Services

Volumn , Issue , 2007, Pages 18-25

  Berthold, Agreiter ^a   Alam, Muhammad ^a   Breu, Ruth ^a   Hafner, Michael ^a   Pretschner, Alexander ^b   Seifert, Jean Pierre ^a,c   Zhang, Xinwen ^c  

^a UNIVERSITY OF INNSBRUCK   (Austria)

^b ETH ZURICH   (Switzerland)

^c SAMSUNG INFORMATION SYSTEMS AMERICA   (United States)

Author keywords

access control; policies; SOA; trusted computing; usage control

Indexed keywords

ACCESS CONTROL POLICIES; CLIENT-SIDE APPLICATION; JAVA VIRTUAL MACHINES; MODEL DRIVEN APPROACH; REMOTE CLIENTS; SOFTWARE STACKS; TECHNICAL ARCHITECTURE; TRUSTED COMPUTING; USAGE CONTROL;

COMPUTER SOFTWARE; INFORMATION SERVICES; JAVA PROGRAMMING LANGUAGE; SAILING VESSELS; SECURITY SYSTEMS; WEB SERVICES;

ACCESS CONTROL;

EID: 70349250946     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1314418.1314422     Document Type: Conference Paper

References (31)

1. SUN XACML Implementation . Available at sunxacml.sourceforge.net.
2. Trusted computing group (tcg). https://www.trustedcomputinggroup.org/ specs/.
3. M. Alam, R. Breu, and M. Breu. Model Driven Security for Web Services (MDS4WS). In Proc. INMIC, 2004.
4. M. Alam, M. Hafner, J.-P. Siefert, and X. Zhang. Extending SELinux Policy Model and Enforcement Architecture for Trusted Platforms Paradigms. Accepted for Annual SELinux Symposium.
5. R. Anderson. Security in open versus closed systems - the dance of Boltzmann, Coase and Moore. In Open Source Software Economics 2002, 2002.
6. S. Bajaj. Web services policy framework (wspolicy). March 2006, Version 1.2.
7. R. Breu and G. Popp. Actor-centric modelling of access rights. In FASE 2004. Springer LNCS Vol. 2984, p. 165-179, 2004.
8. D. Eastlake and J. Reagle. XML Encryption Syntax and Processing. W3C Rec. 10/12/2002.
9. D. Eastlake and J. Reagle. XML-Signature Syntax and Processing. W3C Rec. 12/02/2002.
10. D. Grawrock. The Intel Safer Computing Initiative Building Blocks for Trusted Computing. Intel Press, http://www.intel.com/intelpress/sum-secc.htm, 2005.
11. M. Gudgin, M. Hadley, N. Mendelsohn, J. Moreau, and C. Nielsen. Soap version 1.2 part 1: Messaging framework. W3C Recommendation 24 June 2003.
12. V. Haldar, D. Chandra, and M. Franz. Semantic remote attestation - a virtual machine directed approach to trusted computing.
13. M. Hilty, A. Pretschner, C. Schaefer, and T. Walter. Enforcement for Usage Control: A System Model and a Policy Language for Distributed Usage Control. Technical Report I-ST-20, DoCoMo EuroLabs, 2006.
14. M. Hilty, A. Pretschner, C. Schaefer, and T. Walter. Usage control requirements in mobile and ubiquitous computing applications. In Proc. of Intl. Conf. on Systems and Networks Communications, 2006.
15. T. Jaeger, R. Sailer, and U. Shankar. PRIMA: Policy-reduced Integrity Measurement Arch. In Proc. 11th ACM symp. on Access Control Models and Technologies, pages 19-28, 2006.
16. M. Alam et al. Modeling Permissions in a (U/X)ML World. In IEEE ARES, 2006.
17. M. Hafner, M. Alam, R. Breu. A MOF/QVT-based Domain Architecture for Model Driven Security . In IEEE/ACM Models 2006 LNCS 4199.
18. H. Maruyama, F. Seliger, N. Nagaratnam, T. Ebringer, S. Munetho, and S. Yoshihama. Trusted platform on demand. Technical report, IBM Research, 2006.
19. OSGI Alliance. OSGi - The Dynamic Module System for Java. www.osgi.org.
20. J. Park and R. Sandhu. The UCON ABC Usage Control Model. ACM Transactions on Information and Systems Security, 7:128-174, 2004.
21. S. Pearson. Trusted Computing Platforms: TCPA Technology in Context. Prentice Hall PTR, Upper Saddle River, NJ, USA, 2002.
22. A. Pretschner, M. Hilty, and D. Basin. Distributed usage control. Communications of the ACM, 49(9):39-44, September 2006.
23. A. Pretschner, F. Massacci, and M. Hilty. Usage Control in Service-Oriented Architectures. In Proc. TrustBus, 2007. To appear.
24. A. Sadeghi and C. Stï¿ 1/2 ble. Property-based attestation for computing platforms. Caring about properties, not mechanisms. In Proceedings of the workshop on new security paradigms, pages 67-77, 2004.
25. R. Sailer, T. Jaeger, X. Zhang, and L. van Doorn. Attestation-based policy enforcement for remote access. In Proc. CCS '04, pages 308-317.
26. R. Sailer, X. Zhang, T. Jaeger, and L. van Doorn. Design and implementation of a tcg-based integrity measurement architecture. In USENIX Security Symp., 2004.
27. SAML 2.0 Specification. http://www.oasis-open.org/committees/tc-home.php? wg-abbrev=security.
28. Z. Song, S. Lee, and R. Masuoka. Trusted web service. In The Second Workshop on Advances in Trusted Computing (WATC '06 Fall), 2006.
29. XACML 2.0 Specification Set. http://www.oasisopen.org/committees/tc-home. php?wg-abbrev=xacml.
30. S. Yoshihama, T. Ebringer, M. Nakamura, S. Munetoh, and H. Maruyama. WS-Attestation: Efficient and Fine-Grained Remote Attestation on Web Services. In Proceedings of the IEEE Int. Conf. on Web Services (ICWS'05), pages 743-750, Washington, DC, USA, 2005. IEEE Computer Society.
31. X. Zhang, F. Parisi-Presicce, and R. Sandhu. Towards remote security enforcement for runtime protection of mobile code using trusted computing. In Proc. of the 1st Int. Workshop on Security (IWSEC), 2006. LNCS Kyoto, Japan.