On context in authorization policy

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

On context in authorization policy

Full text

Pdf (316 KB)

Source

Symposium on Access Control Models and Technologies archive
Proceedings of the eighth ACM symposium on Access control models and technologies table of contents

Como, Italy

SESSION: Constraints table of contents

Pages: 80 - 89

Year of Publication: 2003

ISBN:1-58113-681-1

Author

Patrick McDaniel

AT&T Labs -- Research, Florham Park, NJ

Sponsors

ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 3, Downloads (12 Months): 53, Citation Count: 10

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/775412.775422 What is a DOI?

ABSTRACT

Authorization policy infrastructures are evolving with the complex environments that they support. However, the requirements and technologies supporting context are not yet well understood. Often implemented as condition functions or predefined attributes, context is used to more precisely control when and how policy is enforced. This paper considers context requirements and services in authorization policy. The properties and security requirements of context evaluation are classified. A key observation gleaned from this classification is the degree to which context functions share common properties. The Antigone Condition Framework (ACF) exploits these commonalities to provide a general purpose condition service and associated API. The prototype ACF design is presented and illustrated, and directions for future work considered.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Jean Bacon , Ken Moody , Walt Yao, A model of OASIS role-based access control and its support for active security, ACM Transactions on Information and System Security (TISSEC), v.5 n.4, p.492-540, November 2002 [doi>10.1145/581271.581276]
	2	D. Bell and L. LaPadula. Secure Computer Systems: Mathematical Foundations and Model. Technical Report M74-244, MITRE Corperation, Bedford, MA, 1973.
	3	Nina T. Bhatti , Matti A. Hiltunen , Richard D. Schlichting , Wanda Chiu, Coyote: a system for constructing fine-grain configurable communication services, ACM Transactions on Computer Systems (TOCS), v.16 n.4, p.321-366, Nov. 1998 [doi>10.1145/292523.292524]
	4	Andrew D. Birrell , Bruce Jay Nelson, Implementing Remote procedure calls, Proceedings of the ninth ACM symposium on Operating systems principles, p.3, October 10-13, 1983, Bretton Woods, New Hampshire, United States
	5	Matt Blaze , Joan Feigenbaum , John Ioannidis , Angelos D. Keromytis, The role of trust management in distributed systems security, Secure Internet programming: security issues for mobile and distributed objects, Springer-Verlag, London, 2001
	6	Matt Blaze , Joan Feigenbaum , Jack Lacy, Decentralized Trust Management, Proceedings of the 1996 IEEE Symposium on Security and Privacy, p.164, May 06-08, 1996
	7	M. Blaze, J. Feignbaum, J. Ioannidis, and A. Keromytis. The KeyNote Trust Management System - Version 2. Internet Engineering Task Force, September 1999. RFC 2704.
	8	Trust management for IPsec, ACM Transactions on Information and System Security (TISSEC), v.5 n.2, p.95-118, May 2002 [doi>10.1145/505586.505587]
	9	D. Box, D. Ehnebuske, G. Kakivaya, A. Layman, N. Mendelsohn, H. Frystyk Nielsen, S. Thatte, and D. Winer. Simple Object Access Protocol (SOAP) 1.2, June 2002. http://www.w3.org/TR/soap12-part1/.
	10	Fabian Breg, Shridhar Diwan, Juan Villacis, Jayashree Balasubramanian, Esra Akman, and Dennis Gannon. Java RMI performance and object model interoperability: Experiments with Java/HPC++. Concurrency: Practice and Experience, 10(11--13):941--955, 1998.
	11	R. Hayton, J. Bacon, and K. Moody. OASIS: Access Control in an Open, Distributed Environment. In Proceedings of 1998 IEEE Symposium on Security and Privacy. IEEE, MAY 1998. Oakland, California.
	12	John Ioannidis. Personal communication, December 2002.
	13	Gregor Kiczales, John Lamping, Anurag Menhdhekar, Chris Maeda, Cristina Lopes, Jean-Marc Loingtier, and John Irwin. Aspect-oriented programming. In Proceedings European Conference on Object-Oriented Programming, volume 1241, pages 220--242. Springer-Verlag, Berlin, Heidelberg, and New York, 1997.
	14	Patrick Drew Mcdaniel , Atul Prakash, Policy management in secure group communication, 2001
	15	P. McDaniel and A. Prakash. Antigone Secure Group Communication System. NASA Tech Briefs, 2001. to appear.
	16	Patrick McDaniel , Atul Prakash, Methods and Limitations of Security Policy Reconciliation, Proceedings of the 2002 IEEE Symposium on Security and Privacy, p.73, May 12-15, 2002
	17	P. McDaniel, A. Prakash, and P. Honeyman. Antigone: A Flexible Framework for Secure Group Communication. In Proceedings of the 8th USENIX Security Symposium, pages 99--114, August 1999.
	18	P. McDaniel, A. Prakash, J. Irrer, S. Mittal, and T. Thuang. Flexibly Constructing Secure Groups in Antigone 2.0. In Proceedings of DARPA Information Survivability Conference and Exposition II, pages 55--67. IEEE, June 2001.
	19	B. Moore, E. Ellesson, J. Strassner, and A. Westerinen. Policy Core Information Model -- Version 1 Specification. Internet Engineering Task Force, February 2001. RFC 3060.
	20	Unix~Man Page. dlopen man page. Linux Programmers Manual, Section 3.
	21	G. Patz, M. Condell, R. Krishnan, and L. Sanchez. Multidimensional Security Policy Management for Dynamic Coalitions. In Proceedings of Network and Distributed Systems Security 2001. Internet Society, February 2001. San Diego, CA, to appear.
	22	T. Ryutov and C. Neuman. Representation and Evaluation of Security Policies for Distributed System Services. In Proceedings of DARPA Information Survivability Conference and Exposition, pages 172--183, Hilton Head, South Carolina, January 2000. DARPA.
	23	Ravi S. Sandhu, Lattice-Based Access Control Models, Computer, v.26 n.11, p.9-19, November 1993 [doi>10.1109/2.241422]
	24	Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996 [doi>10.1109/2.485845]
	25	Ravi~S. Sandhu and Pierrangela Samarati. Access Control: Principles and Practice. IEEE Communications Magazine, 32(9):40--48, 1994.
	26	Mary Thompson, William Johnston, Srilekha Mudumbai, Gary Hoo, Keith Jackson, and Abdelilah Essiari. Certificate-based Access Control for Widely Distributed Resources. In Proceedings of the 8th USENIX Security Symposium, pages 215--228, August 1999.
	27	Steve Vinoski. CORBA: Integrating Diverse Applications Within Distributed Heterogeneous Environments. IEEE Communications Magazine, 14(2), February 1994.
	28	A. Westerinen, J. Schnizlein, J. Strassner, Mark Scherling, Bob Quinn, Jay Perry, Shai Herzog, An-Ni Huynh, Mark Carlson, and Steve Waldbusser. Policy Terminology Draft. Internet Engineering Task Force, march 2001.
	29	W. Yeong, T. Howes, and S. Kille. Lightweight Directory Access Protocol. Internet Engineering Task Force, March 1995. RFC 1777.
	30	J. Zao, L. Sanchez, M. Condell, C. Lynn, M. Fredette, P. Helinek, P. Krishnan, A. Jackson, D. Mankins, M. Shepard, and S. Kent. Domain Based Internet Security Policy Management. In Proceedings of DARPA Information Survuvability Conference and Exposition, pages 41--53, Hilton Head, South Carolina, January 2000. DARPA.

CITED BY 10

	Mark Strembeck , Gustaf Neumann, An integrated approach to engineer and enforce context constraints in RBAC environments, ACM Transactions on Information and System Security (TISSEC), v.7 n.3, p.392-427, August 2004
	Urs Hengartner , Peter Steenkiste, Implementing access control to people location information, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
	Urs Hengartner , Peter Steenkiste, Access control to people location information, ACM Transactions on Information and System Security (TISSEC), v.8 n.4, p.424-456, November 2005
	W. Keith Edwards, Putting computing in context: An infrastructure to support extensible context-enhanced collaborative applications, ACM Transactions on Computer-Human Interaction (TOCHI), v.12 n.4, p.446-474, December 2005
	Adam J. Lee , Kazuhiro Minami , Marianne Winslett, Lightweight cnsistency enforcement schemes for distributed proofs with hidden subtrees, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
	Devdatta Kulkarni , Anand Tripathi, Context-aware role-based access control in pervasive computing systems, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
	Julien Brunel , Frédéric Cuppens , Nora Cuppens , Thierry Sans , Jean-Paul Bodeveix, Security policy compliance with violation management, Proceedings of the 2007 ACM workshop on Formal methods in security engineering, p.31-40, November 02-02, 2007, Fairfax, Virginia, USA
	Laura Falk , Atul Prakash , Kevin Borders, Analyzing websites for user-visible security design flaws, Proceedings of the 4th symposium on Usable privacy and security, July 23-25, 2008, Pittsburgh, Pennsylvania
	Stere Preda , Frédéric Cuppens , Nora Cuppens-Boulahia , Joaquin G. Alfaro , Laurent Toutain , Yehia Elrakaiby, Semantic context aware security policy deployment, Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, March 10-12, 2009, Sydney, Australia
	Yuqing Sun , Bin Gong , Xiangxu Meng , Zongkai Lin , Elisa Bertino, Specification and enforcement of flexible security policy for active cooperation, Information Sciences: an International Journal, v.179 n.15, p.2629-2642, July, 2009