A trustworthy usage control enforcement framework

International Journal of Mobile Computing and Multimedia Communications

Volumn 5, Issue 3, 2013, Pages 34-49

  Neisse, Ricardo ^a   Pretschner, Alexander ^b   Di Giacomo, Valentina ^c  

^a FRAUNHOFER IESE   (Germany)

^b TECHNICAL UNIVERSITY OF MUNICH   (Germany)

^c ENGINEERING INGEGNERIA INFORMATICA S P A   (Italy)

Author keywords

Framework; Policy Enforcement; Security; Trusted Computing; Usage Control

Indexed keywords

FRAMEWORK; POLICY ENFORCEMENT; SECURITY; TRUSTED COMPUTING; USAGE CONTROL;

COMPUTER NETWORKS;

MOBILE COMPUTING;

EID: 84893260044     PISSN: 19379412     EISSN: 19379404     Source Type: Journal    
DOI: 10.4018/jmcmc.2013070103     Document Type: Article

References (25)

1. Apache. (2011). The apache software foundation - ServiceMix. Retrieved from http://servicemix.apache.org
2. Dax, C., Klaedtke, F., & Lange, M. (2009). On regular temporal logics with past. In Proceedings of the 36th International Colloquium on Automata, Languages and Programming: Part ii (icalp). Berlin, Heidelberg, Germany: Springer-Verlag.
3. Finney, H. (2011). Privacy ca. Retrieved from http://www.privacyca.com
4. Garfinkel, T. (2003). Traps and pitfalls: Practical problems in system call interposition based security tools. In Proceedings of the Network and Distributed Systems Security Symposium.
5. Gheorghe, G., Neuhaus, S., & Crispo, B. (2010, Jun). xESB: An enterprise service bus for access and usage control policy enforcement. In the Proceedings of the Fourth International Conference on Trust Management (ifiptm10).
6. Havelund, K., & Rosu, G. (2004, Aug). Efficient monitoring of safety properties. International Journal of Software Tools Technology Transfer.
7. Hilty, M., Pretschner, A., Basin, D., Schaefer, C., & Walter, T. (2007). A policy language for distributed usage control. In Computer security (ESORIC 2007) (Vol. 4734).
8. Katt, B., Zhang, X., Breu, R., Hafner, M., & Seifert, J.-P. (2008). A general obligation model and continuity: enhanced policy enforcement engine for usage control. In Proceedings of the 13th ACM Symposium on Access Control Models and Technologies.
9. Koymans, R., Vytopil, J., & de Roever, W. P. (1983). Real-time programming and asynchronous message passing. In Proceedings of the Second Annual ACM Symposium on Principles of Distributed Computing (PODC). New York, NY: ACM.
10. Kumari, P., Pretschner, A., Peschla, J., & Kuhn, J. (2011). Distributed data usage control for web applications: A social network implementation. In Proceedings 1st ACM Conference on Data and Application Security and Privacy (CODASPY). Retrieved from http://www22.in.tum.de
11. Laroussinie, F., Markey, N., & Schnoebelen, P. (2002). Temporal logic with forgettable past. In Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science (LICS). Washington, DC: IEEE Computer Society.
12. Leucker, M., & Schallhart, C. (2009). A brief account of runtime verification. Journal of Logic and Algebraic Programming, 78(5), 293-303. doi:10.1016/j.jlap.2008.08.004.
13. Luckham, D. (2008). The power of events: An introduction to complex event processing in distributed enterprise systems. In Rule representation, interchange and reasoning on the web. Springer. doi:10.1007/978-3-540-88808-6-2.
14. MASTER. (2012). Managing assurance, security, and trust for services. Retrieved from http://www.master-fp7.eu
15. Meredith, P. O., Jin, D., Griffith, D., Chen, F., & Rosu, G. (2011). An overview of the mop runtime verification framework. International Journal on Software Tools for Technology Transfer (STTT). Retrieved from http://fsl.cs.uiuc.edu
16. Neisse, R., Holling, D., & Pretschner, A. (2011). Implementing trust in cloud infrastructures. In Proceedings of the 11th IEEE/ACM International Conference on Cluster, Cloud and Grid Computing, CCGRID 2011. Retrieved from http://www22.in.tum.de
17. Neisse, R., Pretschner, A., & Di Giacomo, V. (2011). A trustworthy usage control enforcement framework. In Proceedings of the Sixth International Conference on Availability, Reliability and Security (ARES 2011). Retrieved from http://ricardo.neisse.name
18. OASIS. (2012). Open service component architecture (sca). Retrieved from http://www.oasis-opencsa.org/sca
19. Park, J., & Sandhu, R. (2004). The UconABC usage control model. ACM Transactions on Information and System Security. doi:10.1145/984334.984339.
20. Pretschner, A., Buechler, M., Harvan, M., Schaefer, C., & Walter, T. (2009). Usage control enforcement with data flow tracking for x11. In Proceedings of the 5th International Workshop on Security and Trust Management (pp. 124-137).
21. Pretschner, A., Hilty, M., Basin, D., Schaefer, C., & Walter, T. (2008). Mechanisms for usage control. In Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security (ASIACCS).
22. Pretschner, A., Ruesch, J., Schaefer, C., & Walter, T. (2009). Formal analyses of usage control policies. In Proceedings of the International Conference on Availability, Reliability and Security (ARES).
23. Provos, N. (2003). Improving host security with system call policies. In Proceedings of the 12th Usenix Security Symposium.
24. Rissanen, E. (2010). Extensible access control markup language v3.0. Retrieved from http://docs.oasis-open.org.
25. Twidle, K., Lupu, E., Dulay, N., & Sloman, M. (2008, June). Ponder2 - A policy environment for autonomous pervasive systems. In Proceedings of the IEEE Workshop on Policies for Distributed Systems and Network (POLICY) (p. 245-246).