Usage control in service-oriented architectures

Authors:
Alexander Pretschner;Fabio Massacci;Manuel Hilty
Affiliations:
Information Security, ETH Zürich, Switzerland;Dept. of Information and Communication Technology, Università degli Studi di Trento, Italy;Information Security, ETH Zürich, Switzerland
Venue:
TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business
Year:
2007

Citing 15
Cited 4

Optimistic security: a new access control paradigm

Proceedings of the 1999 workshop on New security paradigms
SASI enforcement of security policies: a retrospective

Proceedings of the 1999 workshop on New security paradigms
The Ins and Outs of IT Outsourcing

IT Professional
XrML -- eXtensible rights Markup Language

Proceedings of the 2002 ACM workshop on XML security
Delegation of Obligations

POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Provisions and Obligations in Policy Rule Management

Journal of Network and Systems Management
The UCONABC usage control model

ACM Transactions on Information and System Security (TISSEC)
Peer-to-peer access control architecture using trusted computing technology

Proceedings of the tenth ACM symposium on Access control models and technologies
Composing security policies with polymer

Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Enhancing Data Authenticity and Integrity in P2P Systems

IEEE Internet Computing
Distributed usage control

Communications of the ACM - Privacy and security in highly dynamic systems
Hippocratic databases

VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Aspect-oriented software development

Aspect-oriented software development
Platform for enterprise privacy practices: privacy-enabled management of customer data

PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
On obligations

ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security

A general obligation model and continuity: enhanced policy enforcement engine for usage control

Proceedings of the 13th ACM symposium on Access control models and technologies
Controlling Usage in Business Process Workflows through Fine-Grained Security Policies

TrustBus '08 Proceedings of the 5th international conference on Trust, Privacy and Security in Digital Business
Security for dynamic service-oriented eCollaboration: architectural alternatives and proposed solution

TrustBus'10 Proceedings of the 7th international conference on Trust, privacy and security in digital business
Usage control enforcement - a survey

ARES'11 Proceedings of the IFIP WG 8.4/8.9 international cross domain conference on Availability, reliability and security for business, enterprise and health information systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Usage control governs the handling of sensitive data after it has been given away. The enforcement of usage control requirements is a challenge because the service requester in general has no control over the service provider's information processing devices. We analyze applicable trust models, conclude that observation-based enforcement is often more appropriate than enforcement by direct control over the service provider's actions, and present a logical architecture that blends both forms of enforcement with the business logics of serviceoriented architectures.