ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Partial outsourcing: a new paradigm for access control
Full text PdfPdf (304 KB)
Source Symposium on Access Control Models and Technologies archive
Proceedings of the eighth ACM symposium on Access control models and technologies table of contents
Como, Italy
SESSION: Access Control Models and Mechanisms table of contents
Pages: 134 - 141  
Year of Publication: 2003
ISBN:1-58113-681-1
Authors
Joerg Abendroth  Trinity College, Dublin
Christian D. Jensen  Technical University of Denmark
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 7,   Downloads (12 Months): 75,   Citation Count: 1
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/775412.775429
What is a DOI?

ABSTRACT

Various security models have been proposed in recent years for different purposes. Each of these aims to ease administration by introducing new types of security policies and models. This increases the complexity a system administrator is faced with. Ultimately, the resources expended in choosing amongst all of these models leads to less efficient administration.In this paper, we propose a new access control paradigm, which is already well established in virus and SPAM protection as partial delegation of administration to external expertise centres. Well-known vulnerabilities can be filtered out and known sources of attacks can be automatically blocked. We describe how partial outsourcing can be achieved in a secure way. A framework, which enables this process has already been developed.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

1
Joerg Abendroth , Christian D. Jensen, A unified security framework for networked applications, Proceedings of the 2003 ACM symposium on Applied computing, March 09-12, 2003, Melbourne, Florida  [doi>10.1145/952532.952602]
 
2
J. G. S. B. Clifford Neuman and J. I. Schiller. Kerberos: An authentication service for open network systems. In Winter 1988 USENIX Conference, pages 191--201, Dallas, TX, 1988.
 
3
C. Bruce Schneier. Outsourcing Security. Counterpane webside http://www.counterpane.com/literature.html, 1.12.2002.
 
4
D. Clark and D. Wilson. A comparison of commercial and military computer security policies. In In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA. IEEE, May 1987.
5
George Coulouris , Jean Dollimore, Security requirements for cooperative work: a model and its system implications, Proceedings of the 6th workshop on ACM SIGOPS European workshop: Matching operating systems to application needs, September 12-14, 1994, Wadern, Germany  [doi>10.1145/504390.504439]
6
Eve Cohen , Roshan K. Thomas , William Winsborough , Deborah Shands, Models for coalition-based access control (CBAC), Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA  [doi>10.1145/507711.507727]
7
Glenn Faden, RBAC in UNIX administration, Proceedings of the fourth ACM workshop on Role-based access control, p.95-101, October 28-29, 1999, Fairfax, Virginia, United States  [doi>10.1145/319171.319180]
 
8
Ferraiolo and Kuhn. Role based access control. In Proceedings of 15th National Computer Security Conference, 1992.
 
9
J. Mossiere , F. Saunier, Hidden software capabilities, Proceedings of the 16th International Conference on Distributed Computing Systems (ICDCS '96), p.282, May 27-30, 1996
10
Haio Roeckle , Gerhard Schimpf , Rupert Weidinger, Process-oriented approach for role-finding to implement role-based security administration in a large industrial organization, Proceedings of the fifth ACM workshop on Role-based access control, p.103-110, July 26-28, 2000, Berlin, Germany  [doi>10.1145/344287.344308]
11
Jaehong Park , Ravi Sandhu, Towards usage control models: beyond traditional access control, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA  [doi>10.1145/507711.507722]
12
Sushil Jajodia , Pierangela Samarati , V. S. Subrahmanian , Eliza Bertino, A unified framework for enforcing multiple access control policies, Proceedings of the 1997 ACM SIGMOD international conference on Management of data, p.474-485, May 11-15, 1997, Tucson, Arizona, United States
 
13
C. Jensen , D. Hagimont, Protection Reconfiguration for Reusable Software, Proceedings of the 2nd Euromicro Conference on Software Maintenance and Reengineering ( CSMR'98), p.74, March 08-11, 1998
 
14
e. a. J.W.Backus. The fortran automatic coding system. In Proceedings of the Western Joint Computer, 1957.
 
15
W. E. K. uhnhauser. On paradigms for security policies in multipolicy environments. In Proceedgins fo 11th International Information Security Conference (IFIP/SEC'95), Cape Town, South Africa, 1995.
 
16
J. Kohl and C. Neuman. The kerberos network authentication service (v5). RFC 1510, Digital Equipment Corporation/ISI, September 1993.
 
17
Henry M. Levy, Capability-Based Computer Systems, Butterworth-Heinemann, Newton, MA, 1984
 
18
D. A. Marriott, M. S. Sloman, and N. Yialelis. Management policy service for distributed systems. Technical Report DoC 95/10, Imperial College, London, 1995.
 
19
Fabio Massacci, Reasoning About Security: A Logic and a Decision Method for Role-Based Access Control, Proceedings of the First International Joint Conference on Qualitative and Quantitative Practical Reasoning, p.421-435, June 09-12, 1997
 
20
B. C. Neumann. Proxy-based authorisation and accounting for distributed systems. In Proceedings of the 13th International Conference on Distributed Computing Systems, pages 283--291, Pittsburgh, Penn, U.S.A., May 1993.
21
Sylvia L. Osborn, Information flow analysis of an RBAC system, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA  [doi>10.1145/507711.507738]
 
22
A. Ott and S. Fischer-H. ubner. Rule set based access control as proposed in the 'generalized framework for access control' in linux. In Karlstadt Univeristy Studies, 2001:28, ISBN 91-89422-63-5, 2001.
 
23
Martin Roscheisen , Terry Winograd, A Communication Agreement Framework for Access/Action Control, Proceedings of the 1996 IEEE Symposium on Security and Privacy, p.154, May 06-08, 1996
 
24
B. Schneier. Secret and Lies. John Wiley & Sons; ISBN: 0471253111, August 2000.
 
25
M. Shapiro. Structure and encapsulation in distributed systems: The proxy principle. In Proceedings of the 6th International Conference on Distributed Computer Systems, pages 198--204, Cambridge, Massachusetts, U.S.A., 1986.
26
R. K. Thomas , R. S. Sandhu, Towards a task-based paradigm for flexible and adaptable access control in distributed applications, Proceedings on the 1992-1993 workshop on New security paradigms, p.138-142, August 1993, Little Compton, Rhode Island, United States  [doi>10.1145/283751.283810]
 
27
M. Thompson, W. Johnston, S. M. and Gary Hoo, K. Jackson, and A. Essiari. Certificate-based access control for widely distributed resources. In Proceedings of the Eighth USENIX Security Symposium (Security 99), pages 215--228, 1999.
 
28
W. L. Tin Qian. Active capability: An application specific security and protection model. Technical report, University of Illinois at Urbana-Champaign, 1996.
 
29
T. D. Tock. An extensible framework for authentication and delegation. Master's thesis, University of Illinois at Urbana-Champaign, 1994.
 
30
Various. Open source pki book, http://opensourcepkibook.sourceforge.net, 1.12.2002.
 
31
Nicholas Yialelis , Morris Sloman, A Security Framework Supporting Domain Based Access Control in Distributed Systems, Proceedings of the 1996 Symposium on Network and Distributed System Security (SNDSS '96), p.26, February 22-23, 1996
 
32
T. Ylonen. SSH - secure login connections over the internet. In Proceedings of the 6th Security Symposium) (USENIX Association: Berkeley, CA), pages 37--42, 1996.

CITED BY
Bogdan Cautis, Distributed access control: a privacy-conscious approach, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Access controls

Additional Classification:
  H. Information Systems
  H.1 MODELS AND PRINCIPLES
      H.1.m Miscellaneous

  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)
          Subjects: Unauthorized access (e.g., hacking, phreaking)


General Terms:
Design, Management, Security


Keywords:
ASCap framework, access control, active software capabilities, partial outsourcing

Collaborative Colleagues:
Joerg Abendroth: colleagues
Christian D. Jensen: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player