Optimistic security: a new access control paradigm
Proceedings of the 1999 workshop on New security paradigms
SASI enforcement of security policies: a retrospective
Proceedings of the 1999 workshop on New security paradigms
The Ins and Outs of IT Outsourcing
IT Professional
XrML -- eXtensible rights Markup Language
Proceedings of the 2002 ACM workshop on XML security
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Provisions and Obligations in Policy Rule Management
Journal of Network and Systems Management
The UCONABC usage control model
ACM Transactions on Information and System Security (TISSEC)
Peer-to-peer access control architecture using trusted computing technology
Proceedings of the tenth ACM symposium on Access control models and technologies
Composing security policies with polymer
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Enhancing Data Authenticity and Integrity in P2P Systems
IEEE Internet Computing
Communications of the ACM - Privacy and security in highly dynamic systems
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Aspect-oriented software development
Aspect-oriented software development
Platform for enterprise privacy practices: privacy-enabled management of customer data
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
A general obligation model and continuity: enhanced policy enforcement engine for usage control
Proceedings of the 13th ACM symposium on Access control models and technologies
Controlling Usage in Business Process Workflows through Fine-Grained Security Policies
TrustBus '08 Proceedings of the 5th international conference on Trust, Privacy and Security in Digital Business
TrustBus'10 Proceedings of the 7th international conference on Trust, privacy and security in digital business
Usage control enforcement - a survey
ARES'11 Proceedings of the IFIP WG 8.4/8.9 international cross domain conference on Availability, reliability and security for business, enterprise and health information systems
Hi-index | 0.00 |
Usage control governs the handling of sensitive data after it has been given away. The enforcement of usage control requirements is a challenge because the service requester in general has no control over the service provider's information processing devices. We analyze applicable trust models, conclude that observation-based enforcement is often more appropriate than enforcement by direct control over the service provider's actions, and present a logical architecture that blends both forms of enforcement with the business logics of serviceoriented architectures.