Data & Knowledge Engineering - Special issue on ER '96
The role graph model and conflict of interest
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
ACM Transactions on Information and System Security (TISSEC)
Design of a Role-Based Trust-Management Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
A Unified Scheme for Resource Protection in Automated Trust Negotiation
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Towards Practical Automated Trust Negotiation
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Introduction: Service-oriented computing
Communications of the ACM - Service-oriented computing
Proceedings of the ninth ACM symposium on Access control models and technologies
Trust-X: A Peer-to-Peer Framework for Trust Establishment
IEEE Transactions on Knowledge and Data Engineering
A trust negotiation system for digital library Web services
International Journal on Digital Libraries
Adaptive trust negotiation and access control
Proceedings of the tenth ACM symposium on Access control models and technologies
Trust-Serv: a lightweight trust negotiation service
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Protecting privacy during on-line trust negotiation
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
Supporting the dynamic evolution of Web service protocols in service-oriented architectures
ACM Transactions on the Web (TWEB)
Change impact analysis in service-based business processes
Service Oriented Computing and Applications
Trust management of services in cloud environments: Obstacles and solutions
ACM Computing Surveys (CSUR)
A survey of change management in service-based environments
Service Oriented Computing and Applications
Hi-index | 0.00 |
We present a software tool and a framework for security protocol change management. While we focus on trust negotiation protocols in this paper, many of the ideas are generally applicable to other types of protocols. Trust negotiation is a flexible approach to access control that is well suited to dynamic environments typical of service-oriented applications. However, managing the evolution of trust negotiation protocols is a difficult problem that has not been sufficiently addressed, especially in situations where there are ongoing negotiations. By using our framework, the consequences of changing the protocol that applies to ongoing trust negotiations can be automatically determined. We have also implemented a database-backed GUI tool to manage the change process as an extension of an existing system, and we have performed experiments to test the efficiency of our management software. Our experimental results show that the techniques proposed can scale to applications with tens of thousands of simultaneous users even on commodity PCs.