Integrating trust management and access control in data-intensive web applications

ACM Transactions on the Web

Volumn 6, Issue 2, 2012, Pages

  De Capitani Di Vimercati, Sabrina ^a   Foresti, Sara ^a   Jajodia, Sushil ^b   Paraboschi, Stefano ^c   Psaila, Giuseppe ^c   Samarati, Pierangela ^a  

^a UNIVERSITY OF MILAN   (Italy)

^b GEORGE MASON UNIVERSITY   (United States)

^c UNIVERSITY OF BERGAMO   (Italy)

Author keywords

Access control; Relational databases; Trust management

Indexed keywords

SECURITY OF DATA; WEB CRAWLER; WEB SERVICES; WEBSITES;

CREDENTIAL BASED ACCESS CONTROL; DATA-INTENSIVE WEB APPLICATIONS; PERFORMANCE IMPACT; PRIVATE ORGANIZATIONS; RELATIONAL DATABASE; TRUST MANAGEMENT; TRUST MANAGEMENT MODEL; WEB SERVICE INVOCATION;

ACCESS CONTROL;

EID: 84863623874     PISSN: 15591131     EISSN: 1559114X     Source Type: Journal    
DOI: 10.1145/2180861.2180863     Document Type: Article

References (48)

1. AGRAWAL, R., BIRD, P., GRANDISON, T., KIERNAN, J., LOGAN, S., AND RJAIBI, W. 2005. Extending relational database systems to automatically enforce privacy policies. In Proceedings of the 21st International Conference on Data Engineering.
2. BLAZE, M., FEIGENBAUM, J., IOANNIDIS, J., AND KEROMYTIS, A. 1999. The KeyNote trust management system (version 2). Internet RFC 2704. http://www.crypto.com/papers/rfc2704.txt.
3. BLAZE, M., FEIGENBAUM, J., AND LACY, J. 1996. Decentralized trust management. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, Los Alamitos, CA.
4. BONATTI, P. AND SAMARATI, P. 2002. A unified framework for regulating access and information release on the Web. J. Comput, Secur. 10, 3, 241-272.
5. BONNER, A. 1997. Transaction datalog: A compositional language for transaction programming. In Proceedings of the 6th International Workshop on Database Programming Languages.
6. BRANDS, S. 2000. Rethinking Public Key Infrastructure and Digital Certificates. MIT Press, Cambridge, MA.
7. CAMENISCH, J. AND LYSYANSKAYA, A. 2001. An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In Proceedings of the 20th Annual International Conference on the Theory and Applications of Cryptographic Techniques.
8. CERI, S., FRATERNALI, P., PARABOSCHI, S., AND TANCA, L. 1994. Automatic generation of production rules for integrity maintenance. ACM Trans. Datab. Syst. 19, 3, 367-422.
9. CHAUDHURI, S., DUTTA, T., AND SUDARSHAN, S. 2007. Fine-grained authorization through predicated grants. In Proceeding of the 23rd IEEE International Conference on Data Engineering. IEEE, Los Alamitos, CA.
10. CHU, Y., FEIGENBAUM, J., LAMACCHIA, B., RESNICK, P., AND STRAUSS, M. 1997. REFEREE: Trust management for Web applications. World Wide Web J.l 2, 3, 127-139.
11. CLARKE, D., ELIEN, J., ELLISON, C., FREDETTE, M., MORCOS, A., AND RIVEST, R. 2001. Certificate chain discovery in SPKI/SDSI. J. Comput. Secur. 9, 4, 285-322. (Pubitemid 34063915)
12. DE CAPITANI DI VIMERCATI, S., JAJODIA, S., PARABOSCHI, S., AND SAMARATI, P. 2007. Trust management services in relational databases. In Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security. ACM, New York.
13. DIERKS, T. AND RESCORLA, E. 2008. The transport layer security (TLS) protocol (version 1.2). Internet RFC 5246. http://tools.ietf.org/rfc/rfc5246. txt.
14. ELLISON, C. 1999. SPKI requirements. Internet RFC 2692. http://www.ietf.org/rfc/rfc2692.txt.
15. ELLISON, C., FRANTZ, B., LAMPSON, B., RIVEST, R., THOMAS, B., AND LONEN, T. 1999. SPKI certificate theory. Internet RFC 2693. http://www.ietf.org/rfc/ rfc2693.txt.
16. FREIER, A. O., KARLTON, P., AND KOCHER, P. C. 1996. The SSL protocol (version 3.0). Netscape's final SSL3.0 draft. http://www.mozilla.org/projects/ security/pki/nss/ssl/draft302.txt.
17. HOUSLEY, R., POLK, W., FORD, W., AND SOLO, D. 2002. Internet X.509 public key infrastructure certificate and CRL profile. Internet RFC 3280. http://www.ietf.org/rfc/rfc3280.txt.
18. IRWIN, K. AND YU, T. 2005. Preventing attribute information leakage in automated trust negotiation. In Proceedings of the 12th ACM Conference on Computer and Communications Security. ACM, New York.
19. ISO. 1996. Database language SQL - part 2: Foundation (SQL/foundation) 1999. ISO International Standard, ISO/IEC9075.
20. KABRA, G., RAMAMURTHY, R., AND SUDARSHAN, S. 2006. Redundancy and information leakage in fine-grained access control. In Proceeding of the 2006 ACM SIGMOD International Conference on Management of Data. ACM, New York.
21. LEE, A., MINAMI, K., AND WINSLETT, M. 2007. Lightweight consistency enforcement schemes for distributed proofs with hidden subtrees. In Proceedings of the 12th ACM Symposium on Access Control Models and Technologies. ACM, New York.
22. LEE, A. AND WINSLETT, M. 2006. Safety and consistency in policy-based authorization systems. In Proceedings of the 13th ACM Conference on Computer and Communications Security. ACM, New York.
23. LEE, A. AND WINSLETT, M. 2008a. Enforcing safety and consistency constraints in policy-based authorization systems. ACM Trans. Inf. Syst. Secur. 12, 2, 1-33.
24. LEE, A. AND WINSLETT, M. 2008b. Towards an efficient and language-agnostic compliance checker for trust negotiation systems. In Proceedings of the 3rd ACM Symposium on Information, Computer and Communications Security. ACM, New York.
25. LEE, A., WINSLETT, M., BASNEY, J., AND WELCH, V. 2008. The trust authorization service. ACM Trans. Inf. Syst. Secur. 11, 1, 1-33.
26. LI, J., LI, N., AND WINSBOROUGH, W. 2005a. Automated trust negotiation using cryptographic credentials. In Proceedings of the 12th ACM Conference on Computer and Communications Security. ACM, New York.
27. LI, N., MITCHELL, J., AND WINSBOROUGH, W. 2005b. Beyond proof-of compliance: Security analysis in trust management. J. ACM 52, 3, 474-514. (Pubitemid 43078378)
28. LI, N. AND MITCHELL, J. 2006. Understanding SPKI/SDSI using first-order logic. Int. J, Inf. Secur. 5, 1, 48-64. (Pubitemid 43650841)
29. LI, N., WINSBOROUGH, W., AND MITCHELL, J. 2003. Distributed credential chain discovery in trust management. J. Comput. Secur. 11, 1, 35-86.
30. LOCKHART, H., WISNIEWSKI, T., CANTOR, S., MISHRA, P., AND LIEN, J. 2007. Security assertion markup language (SAML) V2.0 tech. overview. OASIS working draft. http://www.oasisopen.org/committees/download.php/22553/sstc-saml-tech- overview-2200-draft-13.pdf.
31. LOWE, G. 1996. Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In Proceedings of the 2nd International Workshop on Tools and Algorithms for Construction and Analysis of Systems.
32. MURTHY, R. AND SEDLAR, E. 2007. Flexible and efficient access control in Oracle. In Proceedings of the ACM SIGMOD International Conference on Management of Data. ACM, New York.
33. NEEDHAM, R. M. AND SCHROEDER, M. D. 1978. Using encryption for authentication in large networks of computers. Comm. ACM 21, 12, 993-999.
34. OLSON, E., GUNTER, C., AND MADHUSUDAN, P. 2008. A formal framework for reflective database access control policies. In Proceedings of the 15th ACM Conference on Computer and Communications Security. ACM, New York.
35. REITH, M., NIU, J., AND WINSBOROUGH, W. 2007. Apply model checking to security analysis in trust management. In Proceedings of the 23rd International Workshop on Data Engineering.
36. RIVEST, R. AND LAMPSON, B. 1996. SDSI - A simple distributed security infrastructure. http://people.csail.mit.edu/rivest/sdsi10.html.
37. RYUTOV, T., ZHOU, L., NEUMAN, C., LEITHEAD, T., AND SEAMONS, K. 2005. Adaptive trust negotiation and access control. In Proceedings of the 10th ACM Symposium on Access Control Models and Technologies. ACM, New York.
38. SALTZER, J. AND SCHROEDER, M. 1975. The protection of information in computer systems. Proc. IEEE 63, 9, 1278-1308.
39. STONEBRAKER, M. 1987. The design of the POSTGRES storage system. In Proceedings of the 13th International Conference on Very Large Data Bases.
40. WANG, L., WIJESEKERA, D., AND JAJODIA, S. 2004. A logic-based framework for attribute based access control. In Proceedings of the ACM Workshop on Formal Methods in Security Engineering. ACM, New York.
41. WARNER, J., ATLURI, V., AND MUKKAMALA, R. 2005. An attribute graph-based approach to map local access control policies to credential based access control policies. In Proceedings of the 1st International Conference on Information Systems Security.
42. WINSBOROUGH, W. AND LI, N. 2006. Safety in automated trust negotiation. ACM Trans. Inf. Syst. Secur. 9, 3, 352-390. (Pubitemid 44728678)
43. WINSLETT, M., CHING, N., JONES, V., AND SLEPCHIN, I. 1997. Using digital credentials on the World Wide Web. J. Comput. Secur. 5, 3, 255-267.
44. WINSLETT, M., YU, T., SEAMONS, K., HESS, A., JACOBSON, J., JARVIS, R., SMITH, B., AND YU, L. 2002. Negotiating trust on the Web. IEEE Internet Comput. 6, 6, 30-37.
45. YU, T., MA, X., AND WINSLETT, M. 2000. PRUNES: An efficient and complete strategy for automated trust negotiation over the internet. In Proceedings of the 7th ACM Conference on Computer and Communications Security. ACM, New York.
46. YU, T. AND WINSLETT, M. 2003. A unified scheme for resource protection in automated trust negotiation. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, Los Alamitos, CA.
47. YU, T., WINSLETT, M., AND SEAMONS, K. 2001. Interoperable strategies in automated trust negotiation. In Proceedings of the 8th ACM Conference on Computer and Communications Security. ACM, New York.
48. YU, T., WINSLETT, M., AND SEAMONS, K. 2003. Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation. ACM Trans. Inf. Syst. Secur. 6, 1, 1-42.