HiPoLDS: A security policy language for distributed systems

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 7322 LNCS, Issue , 2012, Pages 97-112

  Dell'Amico, Matteo ^a   Serme, Gabriel ^b   Idrees, Muhammad Sabir ^a   Santana De Olivera, Anderson ^b   Roudier, Yves ^a  

^a EURECOM   (France)

^b SAP RESEARCH   (France)

Author keywords

[No Author keywords available]

Indexed keywords

BUSINESS ANALYSTS; DISTRIBUTED SYSTEMS; ERROR PRONES; EXECUTION ENVIRONMENTS; HIERARCHICAL POLICY; MULTIPLE STAKEHOLDERS; POLICY ENFORCEMENT; REFERENCE MONITORS; SECURITY ADMINISTRATOR; SECURITY POLICY;

SECURITY SYSTEMS; SPECIFICATIONS;

NETWORK SECURITY;

EID: 84863490553     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-30955-7_10     Document Type: Conference Paper

References (25)

1. Bauer, L., Ligatti, J., Walker, D.: A language and system for composing security policies. Tech. Rep. TR-699-04. Princeton University (2004)
2. Becker, M.Y., Fournet, C., Gordon, A.D.: SecPAL: Design and semantics of a decentralized authorization language. J. of Computer Security 18(4), 619-665 (2010)
3. Bonatti, P.A., di Vimercati, S.D.C., Samarati, P.: An algebra for composing access control policies. ACM Trans. Inf. Syst. Secur. 5(1), 1-35 (2002)
4. Bunge, R., Chung, S., Endicott-Popovsky, B., McLane, D.: An operational framework for service oriented architecture network security. In: Proc. HICCS, p. 312 (2008)
5. CISCO ACE XML Gateway (2010), http://www.cisco.com/en/US/products/ps7314/ index.html
6. Cuppens, F., Cuppens-Boulahia, N., Ramard, T.: Availability enforcement by obligations and aspects identification. In: Proc. ARES, pp. 229-239 (2006)
7. Damianou, N., Dulay, N., Lupu, E.C., Sloman, M.: The Ponder Policy Specification Language. In: Sloman, M., Lobo, J., Lupu, E.C. (eds.) POLICY 2001. LNCS, vol. 1995, pp. 18-38. Springer, Heidelberg (2001)
8. Dantas, D.S., Walker, D.: Harmless advice. In: Morrisett, J.G., Jones, S.L.P. (eds.) POPL, pp. 383-396. ACM (2006)
9. Dell'Amico, M., Idrees, M.S., Roudier, Y., de Oliveira, A.S., Serme, G., Harel, G.: Language definition for security specifications. Deliverable D2.2, The CESSA project (May 2011), http://cessa.gforge.inria.fr/lib/exe/fetch.php? media=publications:d2-2.pdf
10. Douence, R., Grall, H., Mejía, I., Royer, J.C., Südhold, M., Idrees, M.S., Roudier, Y., Leroux, J., Rivard, F., Pazzaglia, J., Serme, G.: Survey and requirements analysis. Deliverable D1.1, The CESSA project (June 2010), http://cessa.gforge.inria.fr/lib/exe/fetch.php?media=publications:d1-1. pdf
11. Dougherty, D.J., Kirchner, C., Kirchner, H., de Oliveira, A.S.: Modular Access Control Via Strategic Rewriting. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 578-593. Springer, Heidelberg (2007)
12. Gruschka, N., Luttenberger, N.: Protecting web services from DOS attacks by SOAP message validation. Security and Privacy in Dynamic Environments (2006)
13. Sabir Idrees, M., Serme, G., Roudier, Y., de Oliveira, A.S., Grall, H., Südholt, M.: Evolving Security Requirements in Multi-layered Service-Oriented-Architectures. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., de Capitani di Vimercati, S. (eds.) DPM 2011 and SETOP 2011. LNCS, vol. 7122, pp. 190-205. Springer, Heidelberg (2012)
14. Li, J.X., Li, B., Li, L., Che, T.S.: A policy language for adaptive web services security framework. In: ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing, vol. 1, pp. 261-266 (2007)
15. Moses, T. (ed.): Extensible access control markup language (xacml) version 2.0. Tech. rep. OASIS Standard (2005)
16. Myers, A.C., Liskov, B.: Protecting privacy using the decentralized label model. ACM Transactions on Software Engineering and Methodology 9(4), 410-442 (2000)
17. CITRIX NetScaler (2010), http://www.citrix.com/english/ps2/products/ product.asp?contentid=21679
18. von Oheimb, D., Mödersheim, S.: ASLan++ - A Formal Security Specification Language for Distributed Systems. In: Aichernig, B.K., de Boer, F.S., Bonsangue, M.M. (eds.) FMCO 2011. LNCS, vol. 6957, pp. 1-22. Springer, Heidelberg (2011)
19. de Oliveira, A.S., Wang, E.K., Kirchner, C., Kirchner, H.: Weaving rewrite-based access control policies. In: Ning, P., Atluri, V., Gligor, V.D., Mantel, H. (eds.) FMSE, pp. 71-80. ACM (2007)
20. Ribeiro, C., Ferreira, P.: A policy-oriented language for expressing security specifications. International Journal of Network Security 5(3), 299-316 (2007)
21. Ribeiro, C., Zuquete, A., Ferreira, P., Guedes, P.: SPL: An access control language for security policies with complex constraints. In: Proc. of NDSS (2001)
22. Room, S.I.I.R.: XML Firewall Architecture and Best Practices for Configuration and Auditing (2007), http://www.sans.org/reading room/whitepapers/firewalls/xml-firewall-architecture-practices-configuration- auditing 1766
23. Serban, C., Zhang, W., Minsky, N.: A decentralized mechanism for application level monitoring of distributed systems. In: 5th International Conference on Collaborative Computing: Networking, Applications and Worksharing, CollaborateCom 2009, pp. 1-10. IEEE (2009)
24. Singhal, A., Winograd, T., Scarfone, K.: Guide to Secure Web Services. NIST Publication
25. Song, E., Reddy, R., France, R.B., Ray, I., Georg, G., Alexander, R.: Verifiable composition of access control and application features. In: Ferrari, E., Ahn, G.J. (eds.) SACMAT, pp. 120-129. ACM (2005) (Pubitemid 43087468)