Improving Grid Services Security with Fine Grain Policies

Baiardi, Fabrizio; Martinelli, Fabio; Mori, Paolo; Vaccarelli, Anna

doi:10.1007/978-3-540-30470-8_30

Cited by 13 publications

(13 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This extension requires analysing bytecode instead of source code when extracting usage policies and when constructing the CFG. Martinelli et al [2,29,30] model security policies as process algebras. They implement a custom JVM, with an execution monitor that traps system calls and fires them concurrently to the policy.…”

Section: Static Analysis and Optimizationsmentioning

confidence: 99%

Securing Java with Local Policies.

Bartoletti¹,

Costa²,

Degano³

et al. 2009

JOT

Self Cite

View full text Add to dashboard Cite

Abstract. We propose an extension to the security model of Java. It allows for specifying, analysing and enforcing history-based policies. Policies are defined by finite state automata recognizing the permitted execution histories. Programmers can sandbox an untrusted piece of code with a policy, which is enforced at run-time through its local scope. A static analysis allows for optimizing the execution monitor, that will only check the program points where some security violation may actually occur.

show abstract

Section: Static Analysis and Optimizationsmentioning

confidence: 99%

Securing Java with Local Policies.

Bartoletti¹,

Costa²,

Degano³

et al. 2009

JOT

Self Cite

View full text Add to dashboard Cite

show abstract

“…We then decided to adopt an operational policy language (e.g., see [1]) that we feel is close to user's expertise than others more denotational. Since, we deal with sequence of actions, potentially involving different entities, we decided to use a process description language.…”

Section: Policy Specificationmentioning

confidence: 99%

“…In [1], [15] we advocated the adoption of the usage control model (UCON), proposed by Sandhu and Park (e.g., see [18]), to the GRID environment. This paper describes a possible architecture and policy language and shows how this is complete to implement the usage control model.…”

Section: Introductionmentioning

confidence: 99%

A model for usage control in GRID systems

Martinelli

Mori

2007

2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007

Self Cite

View full text Add to dashboard Cite

The usage control model (UCON) is a new access control paradigm proposed by Park and Sandhu that encompasses and extends several existing models. Its main novelty, in addition to the unifying view, is based on continuity of usage monitoring and mutability of attributes of subjects and objects. We identified this model as a perfect candidate for managing access/usage control in GRID systems due to their peculiarities where continuity of control is a central issue. Here we extend and systematize our previous work on usage control to develop a full model for usage control in GRID systems.We use as policy specification language a process description language and show how this is suitable to model the usage policy models of the original UCON model.

show abstract

“…The approach is based on a fine-grained and historybased model introduced in [2]. The monitoring is finegrained because instead of considering the execution of an application as a single atomic action we split down the monitoring on the basic operations performed by an application during its execution.…”

Section: Security In Grid Computingmentioning

confidence: 99%