The Imposition of Protocols Over Open Distributed Systems
IEEE Transactions on Software Engineering
Role templates for content-based access control
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Supporting relationships in access control using role based access control
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
The NIST model for role-based access control: towards a unified standard
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Law-governed interaction: a coordination and control mechanism for heterogeneous distributed systems
ACM Transactions on Software Engineering and Methodology (TOSEM)
Configuring role-based access control to enforce mandatory and discretionary access control policies
ACM Transactions on Information and System Security (TISSEC)
HYDRA: the kernel of a multiprocessor operating system
Communications of the ACM
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
TRBAC: A temporal role-based access control model
ACM Transactions on Information and System Security (TISSEC)
Trust in Cyberspace
Delegation logic: A logic-based approach to distributed authorization
ACM Transactions on Information and System Security (TISSEC)
Establishing Business Rules for Inter-Enterprise Electronic Commerce
DISC '00 Proceedings of the 14th International Conference on Distributed Computing
ACM SIGOPS Operating Systems Review
Dependencies and separation of duty constraints in GTRBAC
Proceedings of the eighth ACM symposium on Access control models and technologies
Methods and Limitations of Security Policy Reconciliation
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Generalized Role-Based Access Control
ICDCS '01 Proceedings of the The 21st International Conference on Distributed Computing Systems
A secure and reliable bootstrap architecture
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Formal Treatment of Certificate Revocation Under Communal Access Control
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Virtual enterprise access control requirements
SAICSIT '03 Proceedings of the 2003 annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology
On the role of roles: from role-based to role-sensitive access control
Proceedings of the ninth ACM symposium on Access control models and technologies
A Decentralized Treatment of a Highly Distributed Chinese-Wall Policy
POLICY '04 Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks
Enforcing Enterprise-wide Policies Over Standard Client-Server Interactions
SRDS '05 Proceedings of the 24th IEEE Symposium on Reliable Distributed Systems
Regulated Delegation in Distributed Systems
POLICY '06 Proceedings of the Seventh IEEE International Workshop on Policies for Distributed Systems and Networks
Regularity-based trust in cyberspace
iTrust'03 Proceedings of the 1st international conference on Trust management
Establishing global properties of multi-agent systems via local laws
E4MAS'06 Proceedings of the 3rd international conference on Environments for multi-agent systems III
| Hi-index | 0.00 |
This paper introduces an abstract reference model, called interaction control (IC), for the governance of large and heterogeneous distributed systems. This model goes well beyond conventional access control, along a number of dimensions. In particular, the IC model has the following characteristics: (1) it is inherently decentralized, and thus scalable even for a wide range of stateful policies; (2) it is very general, and not biased toward any particular type of policies; thus providing a significant realization of the age-old principle of separation of policy from mechanism ; and (3) it enables flexible, composition-free, interoperability between different policies. The IC model, which is an abstraction of a mechanism called law-governed interaction (LGI), has been designed as a minimalist reference model that can be reified into a whole family of potential control mechanisms that may support different types of communication, with different performance requirements and for different application domains.