Solving the transitive access problem for the services oriented architecture

ARES 2010 - 5th International Conference on Availability, Reliability, and Security

Volumn , Issue , 2010, Pages 46-53

  Karp, Alan H ^a   Li, Jun ^a  

^a HEWLETT PACKARD LABORATORIES   (United States)

Author keywords

ABAC; Access control; PBAC; RBAC; SOA; Web services; ZBAC

Indexed keywords

ABAC; ACCESS CONTROL MECHANISM; ACCESS DECISION; MANAGED SERVICE; SERVICE COMPOSITIONS; SERVICES ORIENTED ARCHITECTURE;

SECURITY SYSTEMS; WEB SERVICES;

ACCESS CONTROL;

EID: 77952417674     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2010.34     Document Type: Conference Paper

References (37)

1. Aura, Tuomas. Distributed Access-Rights Management with Delegation Certificates. [ed.] J. Vitek and C. D. Jensen. Secure Internet Programming - Security Issues for Distributed and Mobile Objects. s.l.: Springer, 1999, Vol. Lecture Notes in Computer Science 1603, pp. 211-235.
2. Black, S. and Varadharajan, V., "An Analysis of the Proxy Problem," HP Labs Tech. Report HPL-90-163, 1990.
3. Blaze, M., Feigenbaum, J., Ioannidis, J., and Keromytis, A., "The Role of Trust Management in Distributed Systems Security." Chapter in Secure Internet Programming: Security Issues for Mobile and Distributed Objects, (Vitek and Jensen, eds.) Springer-Verlag, 1999.
4. Chadwick, D. W., Otenko, S., and Nguyen, T. A., "Adding Support to XACML for Dynamic Delegation of Authority in Multiple Domains," Proc. of the IFIP Intl Conf. on Communications and Multimedia Security, pp. 67-86, 2006.
5. Close, T., "web-key: Mashing with Permission", IEEE W2SP 2008: Web 2.0 Security and Privacy. May 2008.
6. Dennis, J. B. and Van Horn, E. C., "Programming Semantics for Multiprogrammed Computations" Comm. ACM, 9(3):143-155, 1966.
7. DISA, "A Security Architecture for Net-Centric Enterprise Services (NCES)", Defense Information Systems Agency, March 2004.
8. Donnelley, J. "A Distributed Capability Computing System (DCCS)", Third International Conf. on Computer Communication, Toronto, Canada, August 3-6, 1976.
9. C. Ellison, "SPKI Requirements", IETF RFC 2692, September 1999.
10. Farrell, S. and Housley, R. "An Internet Attribute Certificate Profile for Authorization", IETF RFC 3281, April 2002.
11. th National Computer Security Conf.: 554-563, 1992.
12. Fielding, R. T., "Architectural Styles and the Design of Network-based Software Architectures"; Doctoral dissertation, University of California, Irvine; 2000.
13. Foster, I., Kesselman, C., Pearlman, L., Tuecke, S., and Welch, V., "The Community Authorization Service: Status and Future", In Proc. of Computing in High Energy Physics. (CHEP'03) 2003.
14. Freudenthal, E., Pesin, T., Keenan, Port, E. L. and Karamcheti, V., "dRBAC: Distributed Role-Based Access Control for Dynamic Coalition Environments", Proc. of the Intl. Conf. on Distributed Computing Systems (ICDCS), 2002.
15. Graham, S., Karmarkar, A., Mischinsky, J., Robinson, I., and Sedukhin, I., eds., "Web Services Resource 1.2", http://docs.oasis-open.org/ wsrf/wsrf-ws-resource-1.2-spec-os.pdf, 2006.
16. Hardy, N., "The Confused Deputy", Operating Systems Reviews, 22(4), 1988.
17. Hirsch, F., ed., "ID-WSF 2.0 SecMech SAML Profile, Version v2.0", http://www.projectliberty.org/liberty/content/download/894/6258/ file/liberty-idwsf-security-mechanisms-saml-profile-v2.0.pdf
18. Karp, A. H. "E-speak E-xplained", CACM, 46(7):113-118, July 2003.
19. Karp, A. H., "Authorization Based Access Control for the Services Oriented Architecture", Proc. 4th Int. Conf. on Creating, Connecting and Collaborating through Computing (C5 2006), Berkeley, CA, IEEE Press, January 2006.
20. Karp, A. H., Haury, H., and Davis, M. H. "From ABAC to ZBAC: The Evolution of Access Control Models", HP Labs Technical Report HPL-2009-30, February 2009.
21. Lampson, B., "Protection", Proc. 5th Princeton Conf. on Information Sciences and Systems, p 437, Princeton, 1971.
22. Lampson, B., "Practical Principles for Computer Security", In Software System Reliability and Security, Proceedings of the 2006 Marktoberdorf Summer school.
23. Levin, R. E. "The Global Information Grid and Challenges Facing Its Implementation", GAO-04-858, 2004.
24. Li, J. and Karp, A. H., "Access Control for the Services Oriented Architecture", ACM Workshop on Secure Web Services, ACM #459074, pp. 9-17, Fairfax, VA, November 2007.
25. McGraw, R. W., "Securing Content in the Department of Defense's Global Information Grid", Secure Knowledge Management Workshop, Buffalo, NY, September, 2004.
26. MIT, "Kerberos: The Network Authentication Protocol", http://web.mit.edu/kerberos/, June 2009.
27. Miller, M. S., "Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control", Doctoral Dissertation, Johns Hopkins University, 2006.
28. Neuman, B. C., "Proxy-Based Authorization and Accounting for Distributed Systems", Proc. of the Intl. Conf. on Distributed Computing Systems (ICDCS), 1993.
29. OASIS, "Security Assertion Markup Language (SAML) 2.0 Technical Overview", Working Draft 05, 10 May 2005.
30. OAUTH, http://oauth.net
31. Open Group, CDSA Explained, An indispensable guide to Common Data Security Architecture, The Open Group, 2001.
32. PlanetLab, http://www.planet-lab.org/
33. Saltzer, J. H. and Schroeder, M. D. "The Protection of Information in Computer Systems", Proc. of the IEEE, 63(9):1278.1308, 1975.
34. Sollins, K. R., "Cascaded Authentication", Proc. of the IEEE Symposium on Research in Security and Privacy, pp. 156-163, 1988.
35. Tom, A., Eaton, B. Hardt, D., Goland, Y., "Web Resource Authorization Protocol (WRAP), Version 0.9.7.1", http://groups.google.com/ group/WRAP-WG, November 2009.
36. Stiegler, M., Yee, K-P., Close, T. and Karp, A. H. "Polaris: Virus Safe Computing for Windows XP", Comm. ACM, 49(9):83-88, September 2006.
37. Welch, V., Foster, I., Kesselman, C., Mulmo, O., Pearlman, L., Tuecke, Gawor, J., Meder, S., and Siebenlist, F., "X.509 Proxy Certificates for Dynamic Delegation", Proceedings of the 3rd Annual PKI R&D Workshop, 2000.