{"title":"Collaborative Privacy Policy Authoring in a Social Networking Context","authors":"R. Wishart, Domenico Corapi, Srdjan Marinovic, M. Sloman","doi":"10.1109/POLICY.2010.13","DOIUrl":"https://doi.org/10.1109/POLICY.2010.13","url":null,"abstract":"Recent years have seen a significant increase in the popularity of social networking services. These online services enable users to construct groups of contacts, referred to as friends, with which they can share digital content and communicate. This sharing is actively encouraged by the social networking services, with users’ privacy often seen as a secondary concern. In this paper we first propose a privacy-aware social networking service and then introduce a collaborative approach to authoring privacy policies for the service. In addressing user privacy, our approach takes into account the needs of all parties affected by the disclosure of information and digital content.","PeriodicalId":143330,"journal":{"name":"2010 IEEE International Symposium on Policies for Distributed Systems and Networks","volume":"161 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131716430","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Towards Autonomous Administrations of Decentralized Authorization for Inter-domain Collaborations","authors":"Hannah K. Lee","doi":"10.1109/POLICY.2010.35","DOIUrl":"https://doi.org/10.1109/POLICY.2010.35","url":null,"abstract":"Inter-domain collaborations are composed of a series of tasks, whose run-time environment stretches over heterogeneous systems governed by different sets of policies. Though the collaborators are willing to share resources and knowledge to reach a set of common goals, they often desire to preserve control over their resources and prevent internal information from unnecessary disclosure. Thus, one of the major challenges in modeling a security policy for the inter-domain collaborations is allowing autonomous administration of internal resources and principals. In this paper, we present a conceptional framework called interactive RBAC (iRBAC), which builds a RBAC system for such inter-domain collaborations with an additional intermediate layer called interactive Roles (iRoles). Providing transparent linkage between actors in collaborations and domain specific local principals, this extra indirection not only enables autonomous policy administrations on user-role and role-permission assignments, but it also assists local principals in collaborators’ domains to be mapped in alignment to functional roles derived from collaborative process definitions. Challenges in building a RBAC system above domain boundaries such as preserving consistency properties and avoiding “role explosion” during user-role assignment are also discussed.","PeriodicalId":143330,"journal":{"name":"2010 IEEE International Symposium on Policies for Distributed Systems and Networks","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115449240","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Small But Non-negligible Flaw in the Android Permission Scheme","authors":"Wook Shin, S. Kwak, S. Kiyomoto, Kazuhide Fukushima, Toshiaki Tanaka","doi":"10.1109/POLICY.2010.11","DOIUrl":"https://doi.org/10.1109/POLICY.2010.11","url":null,"abstract":"This paper presents a flaw in the permission scheme of Android. The Android framework enforces a permission-based security policy where an application can access the other parts of the system only when the application is explicitly permitted. The security of the framework depends to a large extent on the owner of a device since the authorization decisions are mainly made by the user. As a result, the permission scheme imposes much of the administrative burden on the user instead of keeping it simple. Moreover, the framework does not impose enough controls nor support dynamic adjustment in the following respects: no naming rule or constraint is applied for a new permission declaration; once an application acquires a permission, the permission is never revoked during the lifetime of the application; two different permissions can be in use having the same name. These features of the framework can result in a security flaw. We explain how we found the flaw, demonstrate an exploit example, and discuss the solution.","PeriodicalId":143330,"journal":{"name":"2010 IEEE International Symposium on Policies for Distributed Systems and Networks","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115640107","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Downstream Usage Control","authors":"Laurent Bussard, G. Neven, Franz-Stefan Preiss","doi":"10.1109/POLICY.2010.17","DOIUrl":"https://doi.org/10.1109/POLICY.2010.17","url":null,"abstract":"Whereas access control describes the conditions that have to be fulfilled before data is released, usage control describes how the data has to be treated after it is released. Usage control can be applied to digital rights management, where the data are usually copyright-protected media, as well as in privacy, in which case the data are privacy-sensitive personal information. An important aspect of usage control for privacy, especially in light of the current trend towards composed web services (so-called mash-ups), is downstream usage, i.e., with whom and under which usage control restrictions data can be shared. In this work, we present a two-sided XML-based policy language: on the one hand, it allows users to express in their preferences in a fine-grained way the exact paths that their data is allowed to follow, and the usage restrictions that apply at each hop in the path. On the other hand, it allows data consumers to express in their policies how they intend to treat the data, with whom they intend to share it, and how the downstream consumers intend to treat the data.","PeriodicalId":143330,"journal":{"name":"2010 IEEE International Symposium on Policies for Distributed Systems and Networks","volume":"49 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128216121","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Policy Based Infrastructure for Social Data Access with Privacy Guarantees","authors":"Palanivel A. Kodeswaran, E. Viegas","doi":"10.1109/POLICY.2010.25","DOIUrl":"https://doi.org/10.1109/POLICY.2010.25","url":null,"abstract":"We present a policy based infrastructure for social data access with the goal of enabling scientific research, while preserving privacy. We describe motivating application scenarios that could be enabled with the growing number of user datasets such as social networks, medical datasets etc. These datasets contain sensitive user information and sufficient caution must be exercised while sharing them with third parties to prevent privacy leaks. One of the goals of our framework is to allow users to control how their data is used, while at the same time enabling the aggregate data to be used for scientific research. We extend existing access control languages to explicitly model user intent in data sharing as well as supporting additional access modes that go beyond the traditional allow/deny binary semantics of access control. We describe our policy infrastructure and show how it can be used to enable the above scenarios while still guaranteeing individual privacy and present a prototype implementation of the framework extending the SecPAL authorization language to account for new roles and operations.","PeriodicalId":143330,"journal":{"name":"2010 IEEE International Symposium on Policies for Distributed Systems and Networks","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114469163","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Enforcement of Data-Plane Policies in Next-Generation Networks","authors":"S. Shanbhag, T. Wolf","doi":"10.1109/POLICY.2010.23","DOIUrl":"https://doi.org/10.1109/POLICY.2010.23","url":null,"abstract":"Modern networks not only forward traffic, but also perform a variety of processing operations on packets (e.g., content inspection, transcoding, QoS scheduling). Such data plane operations cannot be easily coordinated in the current Internet architectures since there is no explicit policy support for packet processing services. As more diverse systems and protocols are deployed in the next-generation Internet, this problem becomes increasingly challenging. In our work, we propose a novel policy enforcement system for data-path functions in the next-generation Internet. Using a formalism to represent policies and automated planning tools, connection requests can be adapted to meet the policy requirements of the domains they traverse. We present the theoretical foundations of this approach as well as a prototype implementation based on our network service architecture. Our results show that this approach is an effective solution to enforcing policies relating to the data plane of networks.","PeriodicalId":143330,"journal":{"name":"2010 IEEE International Symposium on Policies for Distributed Systems and Networks","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127882968","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Policy-Based Data Downgrading: Toward a Semantic Framework and Automated Tools to Balance Need-to-Protect and Need-to-Share Policies","authors":"G. Denker, Ashish Gehani, Minyoung Kim, D. Hanz","doi":"10.1109/POLICY.2010.33","DOIUrl":"https://doi.org/10.1109/POLICY.2010.33","url":null,"abstract":"We describe a new paradigm for articulating need-to-protect and need-to-share policies that shows promise for enabling automated derivation of the downgrading rulesets needed to comply with these policies in systems that share data. This new paradigm is based on fine-grained semantic policy specifications in terms of context, content, Purpose, and Anti-purpose that are expressed in a machine-understandable language. Our approach is based on an existing reasoning capability that can handle simple downgrading cases. Extensions to handle more complex cases are discussed. Although not yet a complete, turnkey solution to the overall data sharing and privacy problem, we posit that our approach provides an auspicious research vector for future work towards achieving that goal.","PeriodicalId":143330,"journal":{"name":"2010 IEEE International Symposium on Policies for Distributed Systems and Networks","volume":"43 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121258163","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Teleo-Reactive Policies in Ponder2","authors":"K. Twidle, Srdjan Marinovic, Naranker Dulay","doi":"10.1109/POLICY.2010.15","DOIUrl":"https://doi.org/10.1109/POLICY.2010.15","url":null,"abstract":"Policies could potentially be an important and cost-effective technique for building and managing pervasive systems. Historically, policy-based systems have been built using a policy environment that supports the specification and enforcement of policies for a range of management concerns such as adaptation and security. In this short paper we describe our experiences with challenges in building human-centric pervasive systems. As a result of these experiences we introduce a novel management policy type based on teleo-reactive procedures that replace traditional ECA management policies.","PeriodicalId":143330,"journal":{"name":"2010 IEEE International Symposium on Policies for Distributed Systems and Networks","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134176110","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Linking Policies to the Spatial Environment","authors":"David Evans, D. Eyers, J. Bacon","doi":"10.1109/POLICY.2010.31","DOIUrl":"https://doi.org/10.1109/POLICY.2010.31","url":null,"abstract":"Security policy specification can be difficult to get right. Electronic systems often fail to provide an easy route to encode requirements that would be simple to enforce through controlling how physical principals interact. This paper presents a means to ameliorate potential policy mismatches through the use of location awareness systems allowing changes in the physical world to be mapped to electronic policy state. These changes are represented formally using the event calculus. Patterns over this state are used to track compliance with policy and to detect the fulfilment of obligations. A number of example scenarios are provided to illustrate the utility of the coupling between spatial and policy concerns, and to demonstrate the notation used.","PeriodicalId":143330,"journal":{"name":"2010 IEEE International Symposium on Policies for Distributed Systems and Networks","volume":"166 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131724160","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"DAuth: Fine-Grained Authorization Delegation for Distributed Web Application Consumers","authors":"Joshua Schiffman, Xinwen Zhang, S. Gibbs","doi":"10.1109/policy.2010.12","DOIUrl":"https://doi.org/10.1109/policy.2010.12","url":null,"abstract":"Web applications are becoming the predominant means by which users interact with online content. However, current authentication approaches use a single authentication credential to manage access permissions, which is too inflexible for distributed programs with unique security and privacy requirements for each component. In this paper, we introduce DAuth, an authorization mechanism that allows fine-grained and flexible control of access permissions derived from a single authentication credential for distributed consumers of web applications. We implement DAuth as a proxy for a Twitter social networking application within our distributed Elastic Application framework and find it introduces negligible overhead and requires only minor modification of existing applications. Through our evaluation, we demonstrate DAuth improves on existing web authentication mechanisms to support distributed web application consumers and can be implemented as a proxy to web applications that do not wish to develop their own implementation.","PeriodicalId":143330,"journal":{"name":"2010 IEEE International Symposium on Policies for Distributed Systems and Networks","volume":"266 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115832057","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}