xESB: An Enterprise Service Bus for Access and Usage Control Policy Enforcement

Gheorghe, Gabriela; Neuhaus, Stephan; Crispo, Bruno

doi:10.1007/978-3-642-13446-3_5

Cited by 17 publications

(14 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Considerable research effort has been devoted to SFT, mostly, but not exclusively, for local Journal of Software Engineering and Applications (non-distributed) systems. See [31] for a survey. According to this research, SFT-measures are to be established by incorporating failure-handling code (henceforth "SFT-code") into the code of the original software; which may have to be done, systematically, in many parts of the system.…”

Section: Software Fault Tolerance (Sft)mentioning

confidence: 99%

On the Dependability of Highly Heterogeneous and Open Distributed Systems

Minsky¹

2018

JSEA

View full text Add to dashboard Cite

This paper introduces an architecture of distributed systems that facilitates the implementation of a substantial range of dependable system properties, i.e.,properties that span an entire system, or a set of components dispersed throughout it. This architecture, called GDS, for governed distributed system, governs the system by controlling the flow of messages between its actors, independently of the internals of the interacting actors. This governance is done via an enforced collection of interaction laws organized into a modular and conflict free hierarchical ensemble. This ensemble of laws is sensitive to the history of interaction; and it is enforced in a decentralized manner, and is thus scalable. The dependable system properties that can be implemented under GDS can have the following beneficial consequences, among others: a) the ability to establish regularities over the system, rendering it more coherent, and easier to reason about; b) the ability to provide a degree of trust among the disparate actor of the system; and c) the ability to ensure compliance with interaction protocols that are essential for distributed computing. Consequently, the GDS architecture can have a significant impact on the following important system qualities: security, fault tolerance, auditability, and manageability.

show abstract

Section: Software Fault Tolerance (Sft)mentioning

confidence: 99%

On the Dependability of Highly Heterogeneous and Open Distributed Systems

Minsky¹

2018

JSEA

View full text Add to dashboard Cite

show abstract

“…Enforcement of usage control requirements has been done at the OS level [26,27,3], at the X11 level [4], for Java [11,12,28], the .NET CIL [13] and machine languages [14,15,29]; at the level of an enterprise service bus [16]; for dedicated applications such as the Internet Explorer [17] and in the context of digital rights management [18][19][20]. These solutions focus on one of the two aspects of the problem: either data flow tracking or event-driven usage control.…”

Section: Related Workmentioning

confidence: 99%

“…opened, (lines 12-15) at most 4 further times and within 30 seconds (1 timestep = 1 second) after the first use (lines [8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25][26][27]; further attempts of opening the file will result in opening a predefined error message (lines 28-34).…”

Section: B1 Operating Systemmentioning

confidence: 99%

“…We do not discuss performance nor policy management either. Contribution Data flow tracking at specific layers of abstraction has been done in a multitude of ways [3,4,[11][12][13][14][15][16][17][18][19][20], also in the form of information flow analyses where implicit flows are also taken into account [21,22]. As far as we are aware, this work ends where sensitive (or tainted) data is moved to illegal sinks, e.g., when a file is written or an http post request is sent.…”

Section: Introductionmentioning

confidence: 99%

“…</ e x e c u t e> 19 </ a c t i o n s> 20 </ c o n t r o l M e c h a n i s m> 21 22 <c o n t r o l M e c h a n i s m> 23 B r o w s e r C l i p 24 <t r i g g e r E v e n t> 25 c o p y e x t 26 27 28 </ t r i g g e r E v e n t> 29 <c o n d i t i o n> 30 <t r u e /> 31 </ c o n d i t i o n> 32 <a c t i o n s> 33 34 </ a c t i o n s> 35 </ c o n t r o l M e c h a n i s m> With these two mechanisms, a notification is sent to the (social network) user (lines [14][15][16][17] if the content of the address field on its profile page (line 5) is sent as a part of a submission form (lines 3-7) (e.g., when posted on a bulletin board or sent using a webmail client like Gmail) and cannot be copied to the system clipboard (lines [24][25][26][27][28]33).…”

mentioning

confidence: 99%

See 2 more Smart Citations

Representation-Independent Data Usage Control

Pretschner

Lovat

Büchler

2012

Data Privacy Management and Autonomous Spontaneus Security

View full text Add to dashboard Cite

Abstract. Usage control is concerned with what happens to data after access has been granted. In the literature, usage control models have been defined on the grounds of events that, somehow, are related to data. In order to better cater to the dimension of data, we extend a usage control model by the explicit distinction between data and representation of data. A data flow model is used to track the flow of data in-between different representations. The usage control model is then extended so that usage control policies can address not just one single representation (e.g., delete file1.txt after thirty days) but rather all representations of the data (e.g., if file1.txt is a copy of file2.txt, also delete file2.txt). We present three proof-of-concept implementations of the model, at the operating system level, at the browser level, and at the X11 level, and also provide an ad-hoc implementation for cross-layer enforcement.

show abstract