State-based security policy enforcement in component based e-commerce applications

IFIP Advances in Information and Communication Technology

Volumn 105, Issue , 2003, Pages 195-210

  Herrmann, Peter ^a   Wiebusch, Lars ^a   Krumm, Heiko ^a  

^a TU DORTMUND UNIVERSITY   (Germany)

Author keywords

Component security; Security policy enforcement; Security wrappers

Indexed keywords

APPLICATION PROGRAMS; COMPLIANCE CONTROL; COST EFFECTIVENESS; E-GOVERNMENT; ELECTRONIC COMMERCE; SECURITY SYSTEMS;

BEHAVIOR CONSTRAINTS; COMPONENT BEHAVIOR; COMPONENT SECURITY; E-COMMERCE APPLICATIONS; EMPLOYMENT CONTRACTS; SECURITY POLICY ENFORCEMENT; SECURITY WRAPPERS; SOFTWARE COMPONENT TECHNOLOGY;

NETWORK SECURITY;

EID: 84904244303     PISSN: 18684238     EISSN: None     Source Type: Book Series    
DOI: None     Document Type: Conference Paper

References (30)

1. Avolio, F. M. and Ranum, M. J. (1994). A Network Perimeter with Secure External Access. In Proceedings of the Internet Society Symposium on Network and Distributed System Security, Glenwood.
2. Bershad, B., Savage, S., Pardyak, P., Sirer, E. G., Becker, D., Fiuczynski, M., Chambers, C., and Eggers, S. (1995). Extensibility, safety, and performance in the SPIN operating system. In Proceedings of the 15th Symposium on Operating System Principles, pages 267-284. ACM.
3. Beugnard, A., Jezequel, J.-M., Plouzeau, N., and Watkins, D. (1999). Making Components Contract Aware. IEEE Computer, 32(7):38-45.
4. Biskup, J. and Eckert, C. (1994). About the enforcement of state dependent security specifications. In Keefe, T. and Landwehr, C., editors, Database Security, pages 3-17. Elsevier Science (NorthHolland).
5. cXML (2001). cXML User's Guide. cXML.org, 1.2.006 edition.
6. DISA (2001). Xl2 Standard. Data Interchange Standards Association, release 4050 edition.
7. Ferrari, E., Samarati, P., Bertino, E., and Jajodia, S. (1997). Providing flexibility in information flow control for object-oriented systems. In Proceedings of the IEEE Symposium on Security and Privacy, pages 130-140, Oakland.
8. Fraser, T., Badger, L., and Feldman, M. (1999). Hardening COTS Software with Generic Software Wrappers. In Proceedings of the 1999 IEEE Symposium on Security and Privacy.
9. Goldberg, I., Wagner, D., Thomas, R., and Brewer, E. (1996). A Secure Environment for Untrusted Helper Applications. In Proceedings of the 6th USENIX Security Symposium.
10. Herrmann, P. (2001). Trust-Based Procurement Support for Software Components. In Proceedings of the 4th International Conference on Electronic Commerce Research (ICECR -4), pages 505-514, Dallas. ATSMA, IFIP.
11. Herrmann, P. and Krumm, H. (2000). A Framework for Modeling Transfer Protocols. Computer Networks, 34(2):317-337.
12. Herrmann, P. and Krumm, H. (2000). A Framework for the Hazard Analysis of Chemical Plants. In Proceedings of the II th IEEE International Symposium on Computer-Aided Control System Design (CACSD2000), pages 35-41, Anchorage. IEEE CSS, Omnipress.
13. Herrmann, P. and Krumm, H. (2001). Trust-adapted enforcement of security policies in distributed component-structured applications. In Proceedings of the 6th IEEE Symposium on Computers and Communications, pages 2-8, Hammamet. IEEE Computer Society Press.
14. st National Security Conference. NSA.
15. Khan, K., Han, J., and Zheng, Y. (2001). A Framework for an Active Interface to Characterise Compositional Security Contracts of Software Components. In Proceedings of the Australian Software Engineering Conference (ASWEC'Ol), pages 117-126, Canberra. IEEE Computer Society Press.
16. Kozen, D. (1998). Efficient code certification. Technical Report 98-1661, Computer Science Department, Cornell University.
17. Kozen, D. (1999). Language-Based Security. In Kutylowski, M., Pacholski, L., and Wierzbicki, T., editors, Proceedings of the Conference on Mathematical Foundations of Computer Science (MFCS'99), Lecture Notes in Computer Science 1672, pages 284-298. Springer-Verlag.
18. Mallek, A. (2000). Sicherheitkomponentenstrukturierterverteilter Systeme: Vertrauensabhangige Komponenteni.iberwachung (in German). Diploma Thesis, UniversiUit Dortmund, Informatik IV, D-44221 Dortmund.
19. Monroe, M.A. (1993). Security Tool Review: TCPWrappers.;login:, 18(6):15-16.
20. Morrisett, G., Walker, D., Crary, K., and Glew, N. (1998). From System F to typed assembly language. In Proceedings of the 25th ACM SIGPLAN/SIGACT Symposium on Principles of Programming Languages, pages 85-97, San Diego.
21. Myers, A. C. and Liskov, B. (1998). Complete, Safe Information with Decentralized Labels. In Proceedings of the IEEE Symposium on Security and Privacy, pages 186-197, Oakland.
22. Necula, G. C. (1998). Compiling with proofs. PhD thesis, Carnegie Mellon University.
23. OBI (1999). OBI Technical Specifications- Open Buying on the Internet. OBI Consortium, draft release v2.1 edition.
24. Schmitz, L. (1999). The SalesPoint Framework- Technical Overview. WWW:ist.unibwmuenchen.de/Lectures/SalesPoint/overview/english/TechDoc.htm.
25. th International Workshop on Distributed Algorithms (WDAG '97), Lecture Notes in Computer Science 1320, pages 1-14. ACM SIGPLAN, Springer-Verlag.
26. Szyperski, C. (1997). Component Software- Beyond Object Oriented Programming. AddisonWesley Longman.
27. Tarditi, D., Morrisett, G., Cheng, P., Stone, C., Harper, R., and Lee, P. (1996). TIL: A typedirected optimizing compiler for ML. In Proceedings of the Conference on Programming Language Design and Implementation. ACM SIGPLAN.
28. Vissers, C. A., Scollo, G., and van Sinderen, M. (1988). Architecture and specification style in formal descriptions of distributed systems. In Agarwal, S. and Sabnani, K., editors, Protocol Specification, Testing and Verification, volume 8, pages 189-204, Elsevier. IFIP.
29. Wabbe, R., Lucco, S., Anderson, T. E., and Graham, S. L. (1993). Efficient software-based fault isolation. In Proceedings of the 14th Symposium on Operating System Principles, pages 203-216. ACM.
30. Zollner, J., Federrath, H., Klimant, H., Pfitzmann, A., Piotraschke, R., Westfeld, A., Wicke, G., and Wolf, G. (1998). Modeling the security of steganographic systems. In Proceedings of the 2nd Workshop of Information Hiding, LNCS 1525, pages 345-355, Portland. Springer-Verlag.