Enforcing "sticky" security policies throughout a distributed application
Source: Proceedings of the 2008 workshop on Middleware security (Middleware Conference archive)
Leuven, Belgium
Pages: 1-6  
Year of Publication: 2008
ISBN:978-1-60558-363-1
Authors
David W. Chadwick  University of Kent, Canterbury, UK
Stijn F. Lievens  University of Kent, Canterbury, UK
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 10,   Downloads (12 Months): 101,   Citation Count: 3
DOI: http://doi.acm.org/10.1145/1463342.1463343

ABSTRACT

Existing policy enforcement points (PEPs) typically call a local policy decision point (PDP) running at the local site, either embedded in the application or running as a local standalone service. In distributed applications, the PDPs at each site do not usually coordinate decision making amongst themselves, and do not pass policies between themselves. Thus it becomes very difficult to enforce "sticky" policies such as privacy policies and obligations at all the sites in a distributed application. This paper looks at different ways in which the PEPs and PDPs of a distributed application may share policies between themselves so as to enforce "sticky" policies throughout a distributed application. Three alternative models are described: the Application Protocol Enhancement Model, the Encapsulating Security Layer Model and the Back Channel Model. The strengths and weaknesses of the three models are evaluated, and we compare them to prior research in the field.

