Abstract
The use of attribute certificates andthe concept of mobile policies have been proposedto overcome some of the limitations of the role basedaccess control (RBAC) paradigm andto implement security requirements such as the “originator controlled” (ORCON) policy. Mobile policies are attachedto the data that they control andenforced by their execution in trusted servers. In this paper we extendthis idea to allow the execution of the policies in untrustedsystems. Our extension allows policies to be boundto the data but not attachedto. Through this modification security administrators are able to change policies dynamically and transparently. Additionally, we introduce X-ACS, an XML-based language designedto express policies in a simple andunam biguous way overcoming the limitations of other approaches. Important features of X-ACS are that it can be used by processors with limited capabilities such as smart cards while allowing the automated validation of policies.
Work partially supported by the E.U. through project IST 2001-32446
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Thompson, M., et al.: Certificate-basedAccess Control for Widely Distributed Resources. In: Proc. of the Eighth USENIX Security Symposium (1999) 215–227
Fayad, A., Jajodia, S.: Going Beyond MAC and DAC Using Mobile Policies. In: Proc. of 16th IFIP SEC. Kluwer Academic Publishers (2001)
McCollum, C.J., Messing, J.R., Notargiacomo, L.: Beyondthe pale of MAC and DAC—Defining new forms of access control. In: Proc. of the IEEE Symposium on Security and Privacy (1990) 190–200
Jajodia, S., Samarati, P., Sapino, M.L., Subrahmanian, V.S.: Flexible support for multiple access control policies. ACM Transactions on Database Systems (2000)
Osborn, S., Sandhu, R., Munawer, Q.: Configuring Role-Based Access Control to Enforce Mandatory and Discretionary Access Control Policies. In: ACM Transactions on Information andSystem Security, Vol.3(2) (2000) 85–106
Sandhu, R., Ferraiolo, D., Kuhn, R.: The NIST Model for Role-Based Access Control: Towards a Unified Standard. In: Proc. of the 5th ACM Workshop on RolebasedAccess Control (2000) 47–63
Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The Ponder Policy Specification Language. In: Proc. of Policy Worshop (2001)
Wedde, H.F., Lischka, M.: Modular Authorization. In: Proc. of the 6th ACM Symposium on Access Control Models and Technologies (SACMAT) (2001)
Röscheisen, M., Winograd, T.: A Network-Centric Design for Relationship-based Security and Access Control. In: Journal of Computer Security, Special Issue on Security in the World-Wide Web (1997)
Sloman, M.S.: Policy Driven Management for Distributed Systems. Journal of Network and Systems Management, Vol. 2(4) (1994) 333–360
Jajodia, S., Samarati, P., Subrahmanian, V.S.: A Logical Language for Expressing Authorizations. In: Proc. of IEEE Symp. on Security and Privacy (1997) 31–42
Chadwick, D. W.: An X.509 Role-based Privilege Management Infrastructure. Business Briefing. In: Global Infosecurity (2002) http://www.permis.org/
ContentGuard, Inc.: eXtensible Rights Markup Language, XrML 2.0. (2001) http://www.xrml.org
Org. for the Advancement of Structured Information Standards.: eXtensible Access Control Markup Language. http://www.oasis-open.org/committees/xacml/
Org. for the Advancement of Structured Information Standards.: SAML 1.0 Specification Set (2002) http://www.oasis-open.org/committees/security/
Damiani, E., De Capitani di Vimercati, S., Paraboschi, S., Samarati, P.: A finegrainedaccess control system for XML documents. In: ACM Transactions on Information andSystem Security (TISSEC), to appear.
Yagüe, M.I., Aldana, J.F., Gómez, C.A.: Integrity issues in the Web. In: Doorn, J. and L. Rivero (eds.): Database Integrity: Challenges andSolutions (2002) 293–321
Maña, A., Pimentel, E.: An Efficient Software Protection Scheme. In: Proc. of 16th IFIP SEC. Kluwer Academic Publishers (2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
López, J., Maña, A., Yagüe, M.I. (2002). XML-Based Distributed Access Control System. In: Bauknecht, K., Tjoa, A.M., Quirchmayr, G. (eds) E-Commerce and Web Technologies. EC-Web 2002. Lecture Notes in Computer Science, vol 2455. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45705-4_22
Download citation
DOI: https://doi.org/10.1007/3-540-45705-4_22
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44137-3
Online ISBN: 978-3-540-45705-3
eBook Packages: Springer Book Archive