A technical architecture for enforcing usage control requirements in service-oriented architectures
Source
Workshop On Secure Web Services
Proceedings of the 2007 ACM workshop on Secure web services
Fairfax, Virginia, USA
SESSION: Session 1
Pages: 18 - 25
Year of Publication: 2007
ISBN: 978-1-59593-892-3
Authors
Agreiter Berthold  University of Innsbruck, Innsbruck, Austria
Muhammad Alam  University of Innsbruck, Innsbruck, Austria
Ruth Breu  University of Innsbruck, Innsbruck, Austria
Michael Hafner  University of Innsbruck, Innsbruck, Austria
Alexander Pretschner  ETH Zurich, Zurich, Switzerland
Jean-Pierre Seifert  University of Innsbruck, Austria, and Samsung Information Systems America, San Jose, CA
Xinwen Zhang  Samsung Information Systems America, San Jose, CA
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 10,   Downloads (12 Months): 143,   Citation Count: 2
DOI: http://doi.acm.org/10.1145/1314418.1314422

ABSTRACT

We present an approach to modeling and enforcing usage control requirements on remote clients in service-oriented architectures. Technically, this is done by leveraging a trusted software stack relying on a hardware-based root of trust and a trusted Java virtual machine to create a measurable and hence trustworthy client-side application environment. We define a model-driven approach to specifying remote policies that makes the technical intricacies of the target platform transparent to the policy modeler.



