XACML policy integration algorithms

Mazzoleni, Pietro; Bertino, Elisa; Crispo, Bruno; Sivasubramanian, S.

doi:10.1145/1133058.1133089

Cited by 54 publications

(29 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Relevant work has been done in the field of policy management such as policy integration and conflict resolution. Mazzoleni et al [9] proposed policy integration algorithms for XACML [14]. They believed that XACML had not been built to manage security for systems in which enterprises were dynamically constructed with the collaboration of multiple independent subjects.…”

Section: Related Workmentioning

confidence: 99%

Policy Provisioning and Its Access Control Beyond Administrative and Collaborative Domains

Gomi

2012

Journal of Information Processing

View full text Add to dashboard Cite

A policy provisioning framework is described that supports management of the lifecycle of personal information and its data-handling policies distributed beyond security domains. A model for creating data-handling policies reflecting the intentions of its system administrator and the privacy preferences of the data owner is explained. Also, algorithms for systematically propagating and integrating data-handling policies from system entities in different administrative domains are presented. This framework enables data-handling policies to be properly deployed and enforced in a way that enhances security and privacy.

show abstract

Section: Related Workmentioning

confidence: 99%

Policy Provisioning and Its Access Control Beyond Administrative and Collaborative Domains

Gomi

2012

Journal of Information Processing

View full text Add to dashboard Cite

show abstract

“…In this case, ${\cal C}_{{\cal P}_{{\cal S}{\cal A}} }$ indicates all semantic credential terms occurring in the composite ${\cal P}_{{\cal S}{\cal A}}$ . Policy composition has its inherent issues 31, such as preferences of integration and resolving policy conflicts, which a partner indicates them along with the registration of its semantic access policy.…”

Section: Interoperable Semantic Access Controlmentioning

confidence: 99%

“…During the coalition operation phase conflicting policies may occur especially when partners' services interact with each other, for example as part of a service composition process, and the resulting policy composition may require special reconciliation rules for proper policy enforcement. A recent work 31 proposes an extension to XACML 48 policy integration algorithms to handle policy reconciliation in dynamic and open environments.…”

Section: Related Workmentioning

confidence: 99%

Interoperable semantic access control for highly dynamic coalitions

Koshutanski

Maña

2010

Security Comm Networks

View full text Add to dashboard Cite

A coalition consists of independent organizations that share resources and skills to achieve significant mission objectives. Dynamic Coalition (DC) formations occur in response to some market demands, business requests, or disaster responses, to name a few. Partners forming a coalition are automatically selected given some business criteria and become active participants from the time the coalition is formed. Highly dynamic coalitions (HDCs) form a sub class of dynamic coalitions where the coalition formation and operation are strictly bound by time in order to provide a prompt reaction to some events. This type of dynamism poses the necessity of underlying security models and technologies allowing for automated coalition formation and operation. This paper presents a platform-driven approach to HDCs. It first defines a life cycle inherent to HDC formations, and then presents a platform-driven access control model that takes advantage of semantics of partners' requirements to provide interoperable access control to resources shared in a coalition. Coalition partners can achieve a high level of service interoperation by enhancing their access control requirements with semantics of usage, and interlinking their semantics using class relations based on standard ontology. ‡ Digital Ecosystems EU initiative-http://www.digitalecosystems.org; EU FP6 ECOLEAD project-http:// ecolead.vtt.fi possibility of providing combined services adapted to some client's requests. The dynamism in this case is often limited, as normally the coalition is static after it is formed, but sometimes the dynamism is extended to cover partner replacement during coalition operation. However, time scales for coalition formation and restructuring are long, thus allowing that these processes include some human intervention or complex

show abstract

“…In this work, we focus on discretionary access control, and the capability of deciding the access granularity by using SQL-based policy rules. Bertino et al [27] aimed at defining an extension of XACML access rules on resources located in largescale distributed systems. They focus on the problems of integrating conflicting policies in such a setting.…”

Section: Related Workmentioning

confidence: 99%

Distributed and Secure Access Control in P2P Databases

Bonifati

Liu

Wang

2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

The intent of peer data management systems (PDMS) is to share as much data as possible. However, in many applications leveraging sensitive data, users demand adequate mechanisms to restrict the access to authorized parties. In this paper, we study a distributed access control model, where data items are stored, queried and authenticated in a totally decentralized fashion. Our contribution focuses on the design of a comprehensive framework for access control enforcement in PDMS sharing secure data, which blends policy rules defined in a declarative language with distributed key management schemes. The data owner peer decides which data to share and whom to share with by means of such policies, with the data encrypted accordingly. To defend against malicious attackers who can compromise the peers, the decryption keys are decomposed into pieces scattered amongst peers. We discuss the details of how to adapt distributed encryption schemes to PDMS to enforce robust and resilient access control, and demonstrate the efficiency and scalability of our approach by means of an extensive experimental study.

show abstract

XACML policy integration algorithms

Cited by 54 publications

References 4 publications

Policy Provisioning and Its Access Control Beyond Administrative and Collaborative Domains

Policy Provisioning and Its Access Control Beyond Administrative and Collaborative Domains

Interoperable semantic access control for highly dynamic coalitions

Distributed and Secure Access Control in P2P Databases

Contact Info

Product

Resources

About