Infrastructural Support for Enforcing and Managing Distributed Application-Level Policies

Authors:
Tom Goovaerts;Bart De Win;Wouter Joosen
Affiliations:
DistriNet Research Group, Department of Computer Science, K.U. Leuven, Leuven, Belgium;DistriNet Research Group, Department of Computer Science, K.U. Leuven, Leuven, Belgium;DistriNet Research Group, Department of Computer Science, K.U. Leuven, Leuven, Belgium
Venue:
Electronic Notes in Theoretical Computer Science (ENTCS)
Year:
2008

Citing 11
Cited 1

Enforceable security policies

ACM Transactions on Information and System Security (TISSEC)
Proposed NIST standard for role-based access control

ACM Transactions on Information and System Security (TISSEC)
Object Security Attributes: Enabling Application-Specific Access Control in Middleware

On the Move to Meaningful Internet Systems, 2002 - DOA/CoopIS/ODBASE 2002 Confederated International Conferences DOA, CoopIS and ODBASE 2002
Access control with IBM Tivoli access manager

ACM Transactions on Information and System Security (TISSEC)
User Authentication and Authorization in the Java(tm) Platform

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Stateful distributed interposition

ACM Transactions on Computer Systems (TOCS)
Obligation Policies: An Enforcement Platform

POLICY '05 Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks
Uniform Application-level Access Control Enforcement of Organizationwide Policies

ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
On the modeling and analysis of obligations

Proceedings of the 13th ACM conference on Computer and communications security
Causeway: support for controlling and analyzing the execution of multi-tier applications

Proceedings of the ACM/IFIP/USENIX 2005 International Conference on Middleware
Kerberos: an authentication service for computer networks

IEEE Communications Magazine

A comparison of two approaches for achieving flexible and adaptive security middleware

Proceedings of the 2008 workshop on Middleware security

Quantified Score

Hi-index	0.00

Visualization

Abstract

State-of-the-art security mechanisms are often enforced in isolation from each other, which limits the kinds of policies that can be enforced in distributed and heterogeneous settings. More specifically, it is hard to enforce application-level policies that affect, or use information from multiple distributed components. This paper proposes the concept of a Security Service Bus (SSB), which is a dedicated communication channel between the applications and the different security mechanisms. The SSB treats the security mechanisms as reusable, stand-alone security services that can be bound to the applications and it allows the enforcement of advanced policies by providing uniform access to application-level information. This leads to a security infrastructure that is more flexible and more manageable and that can enforce more expressive policies.