A policy-oriented language for expressing security specifications

International Journal of Network Security

Volumn 5, Issue 3, 2007, Pages 299-316

  Ribeiro, Carlos ^a   Ferreira, Paulo ^a  

^a INESC   (Portugal)

Author keywords

Authorization; Coherency; History; Obligation; Policy

Indexed keywords

AUTHORIZATION; AUTHORIZATION POLICY; COHERENCY; GLOBAL SECURITY; OBLIGATION; POLICY ENFORCEMENT; POLICY-ORIENTED; PROTECTED OBJECT; SECURITY ACCESS; SECURITY MODEL; SECURITY POLICY; SINGLE POINT;

ACCESS CONTROL; HISTORY; PUBLIC POLICY; SECURITY SYSTEMS; SPECIFICATIONS;

JAVA PROGRAMMING LANGUAGE;

EID: 79951871897     PISSN: 1816353X     EISSN: 18163548     Source Type: Journal    
DOI: None     Document Type: Article

References (53)

1. G. J. Ahn and R. Sandhu, "Role-based authorization constraints specification," ACM Transactions on Information and System Security, vol. 3, no. 4, pp. 207-226, Nov. 2000.
2. S. Farrell, J. Vollbrecht, P. Calhoun, L. Gommans, G. Gross, B. d. Bruijn, C. d. Laat, M. Holdrege, and D. Spence, AAA Authorization Requirements, RFC2906, 2000.
3. S. M. Bellovin, "Distributed firewalls," ;login: magazine, special issue on security, Nov. 1999.
4. E. Bertino, C. Bettini, E. Ferrari, and P. Samarati, "An access control model supporting periodicity con-straints and temporal reasoning," ACM Transactions on Database Systems, vol. 23, no. 3, pp. 231-285, Sep. 1998.
5. E. Bertino, F. Buccafurri, E. Ferrari, and P. Rullo, "A logical framework for reasoning on data access control policies," in Proceedings of the IEEE Computer Security Foundations Workshop, pp. 175-191, IEEE Computer Society Press, Jul. 1999.
6. E. Bertino, B. Catania, E. Ferrari, and P. Perlasca, "A system to specify and manage multipolicy ac-cess control models," in 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY 2002), pp. 116-127, IEEE Computer So-ciety Press., Monterey, CA, USA, June 2002.
7. E. Bertino, B. Catania, E. Ferrari, and P. Perlasc, "A logical framework for reasoning about access con-trol models," ACM Transactions on Information and System Security, vol. 6, no. 1, pp. 71-127, Feb. 2003.
8. E. Bertino, S. Jajodia, and P. Samarati, "Support-ing multiple access control policies in database sys-tems," in Proceedings of the IEEE Symposium on Security and Privacy, pp. 94-109, IEEE Computer Society Press, Oakland, CA, May 1996.
9. W. R. Bevier, and W. D. Young, A Constraint Language for Adage, Technical report, Computational Logic, Inc., April 1997.
10. M. Blaze, J. Feigenbaum, and J. Ionnidis, The KeyNote Trust-Management System Version, Tech-nical report, Internet RFC 2704, Sep. 1999.
11. M. Blaze, J. Feigenbaum, and J. Lacy, "Decentral-ized trust management, in Proceedings of the IEEE Symposium on Security and Privacy, pp. 164-173, IEEE Computer Society Press, Oakland, CA, May 1996.
12. P. Bonatti, S. d. C. d. Vimercati, and P. Samarati, "An algebra for composing access control policies," ACM Transactions on Information and System Security , vol. 5, no. 1, pp. 1-35, Feb. 2002.
13. David F. Brewer and Michael J. Nash, "The Chi-nese wall security policy," in Proceedings of the IEEE Symposium on Security and Privacy, pp. 206-214, IEEE Computer Society Press, Oakland, CA, May 1989.
14. B. Chellas, Modal Logic, Camdbridge University Press, 1980.
15. F. Chen and R. Sandhu, "Constraints for role-based access control," in ACM Workshop on Role-Based Access Control, 1995.
16. J. Crampton, "Specifying and enforcing constraints in role-based access control," in Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies (SACMAT-03), pp. 43-50, ACM Press, New York, Jun. 2-3 2003.
17. F. Cuppens and C. Saurel, "Specifying a security pol-icy: A case study," in Proceedings of the IEEE Computer Security Foundations Workshop, pp. 123-135, IEEE Computer Society Press, 1996.
18. N. Damianou, N. Dulay, E. Lupu, and M. Sloman, "The Ponder policy specification language," in Policy 2001: Workshop on Policies for Distributed Systems and Networks, LNCS 1995, pp. 17-28, Springer-Verlag, Bristol, UK, Jan. 2001.
19. P. Dias, C. Ribeiro, and P. Ferreira, "Enforcing history-based security policies in mobile agent sys-tems," in Proceedings of the IEEE 4th International Workshop on Policies for Distributed Systemsand Networks, pp. 231-234, IEEE Computer Society Press, Lake Como (Italy), 2003.
20. G. Edjlali, A. Acharya, and V. Chaudhary, "History-based access control for mobile code," in 5th ACM Conference on Computer and Communications Security , pp. 38-48, ACM Press, San Francisco, Cali-fornia, Nov. 1998.
21. C. M. Ellison, B. Frantz, B. Lampson, R. Rivest, B.M. Thomas, and T. Ylonen, SPKI Certificate Theory , Internet RFC 2693, Sep. 1999.
22. D. F. Ferraiolo, D. R. Kuhn, and R. Chandramouli, Role-Based Access Control, Artech House, 2003.
23. T. F. Wirth, "Theory and practice of constraint han-dling rules, special issue on constraint logic program-ming," Journal of Logic Programming, pp. 95-138, Oct. 1998.
24. P. Gama, C. Ribeiro, and P. Ferreira, "Heimdhal: A history-based policy engine for grids," in 6th IEEE International Symposium on Cluster Computing and Grid, Singapore, May 2006.
25. P. Gama, C. Ribeiro, and P. Ferreira, "A scalable history-based policy engine," in IEEE Workshop on Policies for Distributed Systems and Networks, On-tario CANADA, 2006.
26. S. Godik and T. Moses, "OASIS eXtensible access control markup language (XACML), OASIS draft version 16, Aug. 2002.
27. J. Gray and A. Reuter, Transaction Processing: Concepts and Techniques, Data Management Sys-tems, Morgan Kaufmann Publishers, Inc., SanMateo (CA), USA, 1993.
28. A. Herzberg, Y. Mass, J. Mihaeli, D. Naor, and Y. Ravid, "Access control meets public key infras-tructure, or: Assigning roles to strangers," in Proceedings of the IEEE Symposium on Security and Privacy, pp. 2-14, IEEE Computer Society Press, May 2000.
29. IBM Corporation, Entrepise Security Architecture Using Tivoli Security Solutions, 2002.
30. Sotiris Ioannidis, Security Policy Consistency and Distributed Evalution in Heterogeneous Environments , PhD thesis, University of Pennsylvania, 2005.
31. S. Jajodia, P. Samarati, M. L. Sapino, and V. S. Subramanian, "Flexible support for multiple access control policies," ACM Trans. on Database Systems, vol. 26, no. 2, pp. 214-260, Jun. 2001.
32. S. Jajodia, P. Samarati, and V. S. Subrahmanian, "A logical language for expressing authorizations," in Proceedings of the IEEE Symposium on Security and Privacy, pp. 31-43, IEEE Computer Society Press, Oakland, CA, May 1997.
33. H. James, R. Pandey, and K. Levitt, Security Policy Specification Using a Graphical Approach, Technical Report CSE-98-3, University of California, Davis De-partment of Computer Science, 1998.
34. A. D. Keromytis, S. Ioannidis, M. Greenwald, and J. Smith, "The STRONGMAN architecture," in Proceedings, DARPA Information Survivability Confernce and Exhibition, vol. 1, pp. 178-188, IEEE press, Apr. 2003.
35. K. Loney and G. Koch, Oracle 8i -The Complete Reference, McGraw Hill, 2000.
36. E. Lupu and M. Sloman, "A policy based role object model," in First International Enterprise Distributed Object Computing Workshop (EDOC'97), pp. 36-47, Gold Coast, Queensland, Australia, Oct. 1997.
37. N. H. Minsky and V. Ungureanu, "Law-governed in-teraction: a coordination and control mechanism for heterogeneous distributed systems," ACM Transactions on Software Engineering and Methodology, vol. 9, no. 3, pp. 273-305, Jul. 2000.
38. C. Ribeiro, Uma Plataforma Para Poíiticas de Autoriza ç~ao Para Organizaç~oes, PhD thesis, Instituto Superior Técnico, Lisbon, Portugal, Jul. 2002.
39. C. Ribeiro, P. Ferreira, A. Zuquete, and P. Guedes, "Security policy consistency," in CL2000 -First Workshop on Rule-Based Constraint Reasoning and Programming, Imperial College, London, UK, Jul. 2000.
40. C. Ribeiro, A. Zuquete, and P. Ferreira, "En-forcing obligation with security monitors," in The Third International Conference on Information and Communication Security (ICICS'2001), pp. 172-176, Springer Verlag, Xi'an, China, November 2001.
41. C. Ribeiro, A. Zuquete,P. Ferreira, and P. Guedes, "Spl: An access control language for security poli-cies with complex constraints," in Network and Distributed System Security Symposium (NDSS'01), col-orredpp. ?, San Diego, California, Feb. 2001.
42. R. L. Rivest and B. Lampson, "SDSI -A sim-ple distributed security infrastructure," Presented at CRYPTO'96 Rumpsession, colorredpp. ?, 1996.
43. R. Sandhu, "Separation of duties in computarized information systems," in Proceedings of the IFIP WG11.3 Workshop on Database Security, pp. 179-190, Halifax, UK, Sep. 18-21 1990.
44. R. Sandhu, "Lattice-based access control models," IEEE Computer, vol. 26, no. 11, pp. 9-19, Nov. 1993.
45. R. Sandhu, E. Coyne, H. Feinstein, and C. Youman, "Role-based access control models," Computer, vol. 29, no. 2, pp. 38-47, Feb. 1996.
46. F. B. Schneider, "Enforceable security policies," ACM Transactions on Information and System Security , vol. 3, no. 1, pp. 30-50, Feb. 2000.
47. R. Simon and M. E. Zurko, Adage: An Architecture for Distributed Authorization, Technical report, OSF Research Institute, Cambridge, 1997.
48. R. Simon, and M. E. Zurko, "Separation of duty in role-based environments," in Proceedings of the IEEE Computer Security Foundations Workshop, pp. 183-194, IEEE Computer Society Press, Jun. 1997.
49. D. A. Solomon, and M. E. Russinovich, Inside Microsoft Windows 2000, Microsoft Press, 2000.
50. D. Wijesekera and S. Jajodia, "A propositional pol-icy algebra for access control," ACM Transactions on Information and System Security, vol. 6, no. 2, pp. 286-325, 2003.
51. T. Y. C. Woo and S. S. Lam, "Authorization in dis-tributed systems: A formal approach," in Proceedings of the IEEE Symposium on Security and Privacy , pp. 33-51, IEEE Computer Society Press, May 1992.
52. L. Zhang, G. J. Ahn, and B. T. Chug, "A rule-based framework for role-based delegation and revocation," ACM Transactions on Information and System Security , vol. 6, no. 3, pp. 404-441, 2003.
53. M. E. Zurko, R. Simon, and T. Sanfilipo, "A user-centered, modular authorization service built on an RBAC foundation," in Proceedings of the IEEE Symposium on Security and Privacy, pp. 57-73. IEEE Computer Society Press, May 1999.