Access Control Policies and Languages in Open Environments

Advances in Information Security

Volumn 33, Issue , 2007, Pages 21-58

  De Capitani di Vimercati, S ^a   Foresti, S ^a   Jajodia, S ^b   Samarati, P ^a  

^a UNIVERSITY OF MILAN   (Italy)

^b George Mason University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 84875664448     PISSN: 15682633     EISSN: None     Source Type: Book Series    
DOI: None     Document Type: Chapter

References (53)

1. Abadi M, Lamport L (1992). Composing specifications. ACM Transactions on Programming Languages, 14(4): 1-60.
2. Ardagna CA, Damiani E, De Capitani di Vimercati S, Samarati P (2004). XML-based access control languages. Information Security Technical Report.
3. Atkinson B, Della Libera GD, et al. (2002). Web services security (WS-Security). http://msdn.microsoft.com/library/en-usldnglobspec/htm.s-security.asp.
4. Bell D (1994). Modeling the multipolicy machine. In Proc. of the New Security Paradigm Workshop, Little Compton, Rhode Island, USA.
5. Bertino E, Bettini C, Ferrari E, Samarati P (1998). An access control model supporting periodicity constraints and temporal reasoning. ACM Transactions on Database Systems, 23(3):23 1-285.
6. Bertino E, Bonatti P, Ferrari E (2001). TRBAC: a temporal role-based access control method. ACM Transactions on Information and System Security, 4(3): 191-223.
7. Bertino E, Jajodia S, Samarati P (1999). A flexible authorization mechanism for relational data management systems. ACM Transactions on Information Systems, 17(2):101-140.
8. Blaze M, Feigenbaum J, Lacy J (1996). Decentralized trust management. In Proc. of the 1996 IEEE Symposiumon Security and Privacy, Oakland, CA, USA.
9. Bonatti P, De Capitani di Vimercati S, Samarati P (2002). An algebra for composing access control policies. ACM Transactions on Information and System Security, 5(1):1-35.
10. Bonatti P, Samarati P (2002). A unified framework for regulating access and information release on the web. Journal of Computer Security, 10(3):241-272.
11. Box D, et al. (2003). Web services policy assertions language (WS-PolicyAssertions) version 1.1. http://msdn.microsoft.com/library/en-us/dnglobspectmI/wspo1icyassertions. asp.
12. Box D, et al. (2003). Web Services Policy Attachment (WS-PolicyAttachment) version 1.1. http://msdn.microsoft.com/library/en-us/dnglobspec/html/ws-policyattachment.asp.
13. Box D, et al. (2003). Web services policy framework (WS-Policy) version 1.1. http://msdn.microsoft.com/library/en-us/dnglobspeclhtmws-policy.asp.
14. Damiani E, De Capitani di Vimercati S, Paraboschi S, Samarati P (2000). Securing XML documents. In Proc. of the 2000 International Conference on Extending Database Technology (EDBT2000), Konstanz, Germany.
15. Damiani E, De Capitani di Vimercati S, Paraboschi S, Samarati P (2002). A fine-grained access control system for XML documents. ACM Transactions on Information and System Security, 5(2): 169-202.
16. DeTreville J (2002). Binder, a logic-based security language. In Proc. of the 2001 IEEE Symposium on Security and Privacy, Oakland, CA, USA.
17. extensible Access Control Markup Language (XACML) Version 2.0 (2004). extensible Access Control Markup Language (XACML) Version 2.0. OASIS. http://www.oasisopen. org/committees/xacml.
18. Farrell S, Housley R (2002). An internet attribute certificate profile for authorization. RFC 3281.
19. Ferraiolo D, Kuhn R (1992). Role-based access controls. In Proc. of the 15th NIST-NSA National Computer Security Conference, Baltimore, Maryland.
20. Gabillon A (2004). An authorization model for XML databases. In Proc. of the ACM Workshop Secure Web Services, George Mason University, Fairfax, VA, USA.
21. Gabillon A, Bruno E (2001). Regulating access to XML documents. In Proc. of the Fifteenth Annual IFIP WG 11.3 Working Conference on Database Security, Niagara on the Lake, Ontario, Canada.
22. Gelfond M, Lifschitz V (1988). The stable model semantics for logic programming. In Proc, of the 5th International Conference and Symposium on Logic Programming, Cambridge, Massachusetts.
23. Gladman B, Ellison C, Bohm N (1999). Digital signatures, certificates and electronic commerce. http://jya.cornlbgldigsig.pdf.
24. Hosmer H (1992). Metapolicies 11. In Proc. of the 15th National Computer Security Conference, Baltimore, MD.
25. Jaeger T (2001). Access control in configurable systems. Lecture Notes in Computer Science, 1603:289-3 16.
26. Jajodia S, Samarati P, Sapino ML, Subrahmanian VS (2001). Flexible support for multiple access control policies. ACM Transactions on Database Systems, 26(2):214-260.
27. Jajodia S, Samarati P, Subrahmanian VS, Bertino E (1997). A unified framework for enforcing multiple access control policies. In Proc, of the 1997 ACM International SIGMOD Conference on Management of Data, Tucson, AZ.
28. Jim T (2001). Sd3: A trust management system with certified evaluation. In Proc. of the 2001 IEEE Symposium on Security and Privacy, Oakland, CA, USA.
29. Kudoh M, Hirayama Y, Hada S, Vollschwitz A (2000). Access control specification based on policy evaluation and enforcement model and specification language. In Symposium on Cryptograpy and Information Security (SCIS'2000), Japan.
30. Landwehr CF (1981). Formal models for computer security. ACM Computing Surveys, 13(3):247-278.
31. Li N, Feigenbaum J, Grosof B (1999). A logic-based knowledge representation for authorization with delegation. In Proc. of the 12th IEEE Computer Security Foundations Workshop, Washington, DC, USA.
32. Li N, Grosof B, Feigenbaum J (2003). Delegation logic: A logic-based approach to distributed authorization. ACM Transactions on Information and System Security, 6(1): 128-171.
33. Li N, Mitchell JC (2003). Datalog with constraints: A foundation for trust-management languages. In Proc. of the Fifth International Symposium on Practical Aspects of Declarative Languages (PADL 2003), New Orleans, LA, USA.
34. Li N, Mitchell JC, Winsborough WH (2002). Design of a role-based trust-management framework. In Proc. of the IEEE Symposium on Security and Privacy, Oakland, CA, USA.
35. McLean J (1988). The algebra of security. In Proc. of the 1988 IEEE Computer Society Symposium on Security and Privacy, Oakland, CA, USA.
36. Ryutov T, Zhou L, Neuman C, Leithead T, Seamons KE (2005). Adaptive trust negotiation and access control. In Proc. of the 10th ACM Symposium on Access Control Models and Technologies, Stockholm, Sweden.
37. Samarati P, De Capitani di Vimercati S (2001). Access control: Policies, models, and mechanisms. In Focardi R, Gorrieri R, editors, Foundations of Security Analysis and Design, LNCS 2171. Springer-Verlag.
38. Seamons KE, Winsborough W, Winslett M (1997). Internet credential acceptance policies. In Proc. of the Workshop on Logic Programming for Internet Applications, Leuven, Belgium.
39. Security Assertion Markup Language (SAML) V1. l (2003). Security Assertion Markup Language (SAMLJ V1.l. OASIS. http://www.oasis-open.org/committees/security/.
40. Sterling L, Shapiro E (1997). The art of Prolog. MIT Press, Cambridge, MA.
41. Subrahmanian V, Adali S, Brink A, Lu J, Rajput A, Rogers T, Ross R, Ward C. Hermes: heterogeneous reasoning and mediator system. http:Nwww.cs.umd.eduIprojects/hermes.
42. The XACML Profile for Hierarchical Resources (2004). The XACML Profile for Hierarchical Resources. OASIS. http:Nwww.oasis-38930pen.org/committees/xacml.
43. van der Horst TW, Sundelin T, Seamons KE, Knutson CD (2004). Mobile trust negotiation: Authentication and authorization in dynamic mobile networks. In Proc. of the Eighth IFIP Conference on Communications and Multimedia Security, Lake Windermere, England.
44. Web services security policy (WS-SecurityPolicy) (2002). Web services security policy (WS-SecurityPolicy). http:Nwww-106.ibm.com/developerworks/library/ws-secpo/.
45. Wijesekera D, Jajodia S (2003). A propositional policy algebra for access control. ACM Transactions on Information and System Security, 6(2):286-325.
46. Winsborough W, Seamons KE, Jones V (2000). Automated trust negotiation. In Proc. of the DARPA Information Survivability Conf. & Exposition, Hilton Head Island, SC, USA.
47. Winslett M, Ching N, Jones V, Slepchin I(1997). Assuring security and privacy for digital library transactions on the web: Client and server security policies. In Proc. of the ADL '97-Forum on Research and Tech. Advances in Digital Libraries, Washington, DC.
48. Woo TYC, Lam SS (1993). Authorizations indistributed systems: A new approach. Journal of Computer Security, 2(2,3):107-136.
49. World Wide Web Consortium (W3C) (2004). extensible Markup Language (XML) 1.0 (Third Edition). World Wide Web Consortium (W3C). http://www.w3.org/TR/REC-xml.
50. Yu T, Ma X, Winslett M (2000). An efficient complete strategy for automated trust negotiation over the Internet. In Proc. of the 7th ACM Computer and Communication Security, Athens, Greece.
51. Yu T, Winslett M (2003). A unified scheme for resource protection in automated trust negotiation. In Proc, of the IEEE Symposium on Security and Privacy, Berkeley, California.
52. Yu T, Winslett M, Seamons KE (2001). Interoperable strategies in automated trust negotiation. In Proc. of the 8th ACM Conference on Computer and Communications Security, Philadelphia, Pennsylvania.
53. Yu T, Winslett M, Seamons KE (2003). Supporting structured credentials and sensitive policies trough interoperable strategies for automated trust. ACM Transactions on Information and System Security, 6(1):1-42.