发布求助
文献互助 智能选刊 最新文献

Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)最新文献

筛选
英文 中文
Data-Purpose Algebra: Modeling Data Usage Policies 数据目的代数:数据使用策略建模
Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07) Pub Date : 2007-06-13 DOI: 10.1109/POLICY.2007.14
C. Hanson, Tim Berners-Lee, Lalana Kagal, G. Sussman, D. Weitzner
{"title":"Data-Purpose Algebra: Modeling Data Usage Policies","authors":"C. Hanson, Tim Berners-Lee, Lalana Kagal, G. Sussman, D. Weitzner","doi":"10.1109/POLICY.2007.14","DOIUrl":"https://doi.org/10.1109/POLICY.2007.14","url":null,"abstract":"Data is often encumbered by restrictions on the ways in which it may be used. These restrictions on usage may be determined by statute, by contract, by custom, or by common decency, and they are used to control collection of data, diffusion of data, and the inferences that can be made over the data. In this paper, we present a data-purpose algebra that can be used to model these kinds of restrictions in various different domains. We demonstrate the utility of our approach by modeling part of the Privacy Act (5 USC xi552a)1, which states that data collected about US citizens can be used only for the purposes for which it was collected. We show (i) how this part of the Privacy act can be represented as a set of restrictions on data usage, (ii) how the authorized purposes of data flowing through different government agencies can be calculated, and (iii) how these purposes can be used to determine whether the Privacy Act is being enforced appropriately.","PeriodicalId":240693,"journal":{"name":"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130601131","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 42
Web Services Security: Challenges and Techniques Web服务安全:挑战和技术
Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07) Pub Date : 2007-06-13 DOI: 10.1109/POLICY.2007.50
A. Singhal
{"title":"Web Services Security: Challenges and Techniques","authors":"A. Singhal","doi":"10.1109/POLICY.2007.50","DOIUrl":"https://doi.org/10.1109/POLICY.2007.50","url":null,"abstract":"Web services based computing is currently an important driver for the software industry. While several standards bodies (such as W3C and OASIS) are laying the foundation for Web services security, several research problems must be solved to make secure Web services a reality. This paper describes techniques for Web services security and some of the challenges for the future.","PeriodicalId":240693,"journal":{"name":"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121199824","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 16
Adaptive Web Data Extraction Policies 自适应Web数据提取策略
Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07) Pub Date : 2007-06-13 DOI: 10.1109/POLICY.2007.4
G. Fiumara, M. Marchi, A. Provetti
{"title":"Adaptive Web Data Extraction Policies","authors":"G. Fiumara, M. Marchi, A. Provetti","doi":"10.1109/POLICY.2007.4","DOIUrl":"https://doi.org/10.1109/POLICY.2007.4","url":null,"abstract":"Dynamo is a middleware that helps in generating informative RSS feeds out of legacy HTML Web sites. To produce timely and informative RSS feeds, and to be scalable, Dynamo needs a careful tuning and customization of its polling policies which have been evaluated against frequently-updated news portals.","PeriodicalId":240693,"journal":{"name":"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)","volume":"160 10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128973364","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Distributed Enforcement of Unlinkability Policies: Looking Beyond the Chinese Wall 不可链接策略的分布式执行:超越中国墙
Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07) Pub Date : 2007-06-13 DOI: 10.1109/POLICY.2007.16
Apu Kapadia, P. Naldurg, R. Campbell
{"title":"Distributed Enforcement of Unlinkability Policies: Looking Beyond the Chinese Wall","authors":"Apu Kapadia, P. Naldurg, R. Campbell","doi":"10.1109/POLICY.2007.16","DOIUrl":"https://doi.org/10.1109/POLICY.2007.16","url":null,"abstract":"We present a discretionary access control framework that can be used to control a principal's ability to link information from two or more audit records and compromise a user's privacy. While the traditional Chinese Wall (CW) access control model is sufficient to enforce this type of unlinkability, in distributed environments CW is inefficient because its semantics requires knowledge of a user's access history. We propose a restricted version of the CW model in which policies are easy to enforce in a decentralized manner without the need for an access history. Our architecture analyzes system policies for potential linkability conflicts. Users can identify specific threats to their privacy, typically in terms of trusted and untrusted roles in the context of RBAC (role based access control), following which the system attaches automatically generated policy constraints to the audit records. When these constraints are enforced appropriately, they implement unlinkability policies that are provably secure and precise for a fixed protection state. We extend the model with a versioning scheme that can handle evolving protection state, including changing roles and permissions, trading precision to maintain the security of deployed policies.","PeriodicalId":240693,"journal":{"name":"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)","volume":"22 2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115759129","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
Dynamic Adaptation of Policies in Data Center Management 数据中心管理中策略的动态适配
Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07) Pub Date : 2007-06-13 DOI: 10.1109/POLICY.2007.18
Wael Hosny Fouad Aly, H. Lutfiyya
{"title":"Dynamic Adaptation of Policies in Data Center Management","authors":"Wael Hosny Fouad Aly, H. Lutfiyya","doi":"10.1109/POLICY.2007.18","DOIUrl":"https://doi.org/10.1109/POLICY.2007.18","url":null,"abstract":"This paper applies the use of control-theoretic techniques and feedback consisting of current system behaviour to implement policies such that threshold values specified in the policies are optimized. The proposed approach in this paper is compared to other dynamic feedback control approaches. Results show that the proposed approach outperforms the other dynamic feedback control approaches. It managed to increase the number of processed requests and reduce the number of violations experienced.","PeriodicalId":240693,"journal":{"name":"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)","volume":"79 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126181088","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
An Automated Framework for Validating Firewall Policy Enforcement 验证防火墙策略实施的自动化框架
Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07) Pub Date : 2007-06-13 DOI: 10.1109/POLICY.2007.5
A. El-Atawy, T. Samak, Zein Wali, E. Al-Shaer, F. Lin, Christopher Pham, Sheng Li
{"title":"An Automated Framework for Validating Firewall Policy Enforcement","authors":"A. El-Atawy, T. Samak, Zein Wali, E. Al-Shaer, F. Lin, Christopher Pham, Sheng Li","doi":"10.1109/POLICY.2007.5","DOIUrl":"https://doi.org/10.1109/POLICY.2007.5","url":null,"abstract":"The implementation of network security devices such as firewalls and IDSs are constantly being improved to accommodate higher security and performance standards. Using reliable and yet practical techniques for testing the functionality of firewall devices particularly after new filtering implementation or optimization becomes necessary to assure required security. Generating random traffic to test the functionality of firewall matching is inefficient and inaccurate as it requires an exponential number of test cases for a reasonable coverage. In addition, in most cases the policies used during testing are limited and manually generated representing fixed policy profiles. In this paper, we present a framework for automatic testing of the firewall policy enforcement or implementation using efficient random traffic and policy generation techniques. Our framework is a two-stage architecture that provides a satisfying coverage of the firewall operational states. A large variety of policies are randomly generated according to custom profiles and also based on the grammar of the access control list. Testing packets are then generated intelligently and proportional to the critical regions of the generated policies to validate the firewall enforcement for such policies. We describe our implementation of the framework based on Cisco IOS, which includes the policy generation, test cases generation, capturing and analyzing firewall out put, and creating detailed test reports. Our evaluation results show that the automated security testing is not only achievable but it also offers a dramatically higher degree of confidence than random or manual testing.","PeriodicalId":240693,"journal":{"name":"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)","volume":"148 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115598571","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 46
XACML-Based Composition Policies for Ambient Networks 基于xacml的环境网络组合策略
Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07) Pub Date : 2007-06-13 DOI: 10.1109/POLICY.2007.52
C. Kamienski, J. Fidalgo, R. Dantas, D. Sadok, B. Ohlman
{"title":"XACML-Based Composition Policies for Ambient Networks","authors":"C. Kamienski, J. Fidalgo, R. Dantas, D. Sadok, B. Ohlman","doi":"10.1109/POLICY.2007.52","DOIUrl":"https://doi.org/10.1109/POLICY.2007.52","url":null,"abstract":"Ambient Networks (AN) pose new challenges to the management discipline, and policies are considered to be an adequate solution for providing flexibility, distributed control, and self-management features. However, the current state-of the art IETF policy framework was not designed for the challenges of new 3G/4G environments such as AN. This paper presents PBMAN, a policy-based architecture and a composition framework that extends the AN architecture, where policies are intrinsically at the underlying layer by design and not as a later ad-on. The use of policies and their interaction with network composition is the main research challenge of PBMAN. The current architecture has been designed based on previous experience, on a design-implement-test development cycle. The framework was used to model a video on demand scenario, whereto composition policies based on an extended version of the XACML policy language have been written.","PeriodicalId":240693,"journal":{"name":"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115599639","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 11
Overriding of Access Control in XACML XACML中访问控制的重写
Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07) Pub Date : 2007-06-13 DOI: 10.1109/POLICY.2007.31
Ja'far Alqatawna, E. Rissanen, B. S. Firozabadi
{"title":"Overriding of Access Control in XACML","authors":"Ja'far Alqatawna, E. Rissanen, B. S. Firozabadi","doi":"10.1109/POLICY.2007.31","DOIUrl":"https://doi.org/10.1109/POLICY.2007.31","url":null,"abstract":"Most access control mechanisms focus on how to define the rights of users in a precise way to prevent any violation of the access control policy of an organization. However, in many cases it is hard to predefine all access needs, or even to express them in machine readable form. One example of such a situation is an emergency case which may not be predictable and would be hard to express as a machine readable condition. Discretionary overriding of access control is one way for handling such hard to define and unanticipated situations where availability is critical. The override mechanism gives the subject of the access control policy the possibility to override a denied decision, and if the subject should confirm the override, the access will be logged for special auditing. XACML, the extensible access control markup language, provides a standardized access control policy language for expressing access control policies. This paper introduces a discretionary overriding mechanism in XACML. We do so by means of XACML obligations and also define a general obligation combining mechanism.","PeriodicalId":240693,"journal":{"name":"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)","volume":"493 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129892494","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 28
CoRaL--Policy Language and Reasoning Techniques for Spectrum Policies CoRaL——频谱政策的政策语言和推理技术
Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07) Pub Date : 2007-06-13 DOI: 10.1109/POLICY.2007.13
D. Elenius, G. Denker, Mark-Oliver Stehr, R. Senanayake, C. Talcott, D. Wilkins
{"title":"CoRaL--Policy Language and Reasoning Techniques for Spectrum Policies","authors":"D. Elenius, G. Denker, Mark-Oliver Stehr, R. Senanayake, C. Talcott, D. Wilkins","doi":"10.1109/POLICY.2007.13","DOIUrl":"https://doi.org/10.1109/POLICY.2007.13","url":null,"abstract":"We present the cognitive radio (policy) language (CoRaL), a new language for expressing policies that govern the behavior of cognitive radios that opportunistically share spectrum. A Policy Reasoner validates radio transmissions to ensure that they are compliant with the spectrum policies. The Policy Reasoner also discovers spectrum sharing opportunities by deriving what requirements must be fulfilled for transmissions to be valid, i.e., in compliance with policies. A novel mix of reasoning techniques is required to implement such a reasoner.","PeriodicalId":240693,"journal":{"name":"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130569010","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 44
Hybrid Multi-module Security Policy Verification 混合多模块安全策略验证
Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07) Pub Date : 2007-06-13 DOI: 10.1109/POLICY.2007.25
Igor Kotenko, Olga Chervatuk, E. Sidelnikova, A. Tishkov
{"title":"Hybrid Multi-module Security Policy Verification","authors":"Igor Kotenko, Olga Chervatuk, E. Sidelnikova, A. Tishkov","doi":"10.1109/POLICY.2007.25","DOIUrl":"https://doi.org/10.1109/POLICY.2007.25","url":null,"abstract":"To build a powerful and flexible security policy verification tool, it is very important to use the approach which allows covering all possible inconsistencies, has open (extendable) architecture and efficient verification implementation. We suggest using a family of different verification modules each of which can work with acceptable computational complexity for the particular types of conflicts, the system scale and the policy complication. The poster describes a common approach to security policy verification and presents a novel hybrid multi-module security checker (SEC) software tool that can serve as a security policy debugger for various categories of security policy, including authentication, authorization, filtering, channel protection and operational rules.","PeriodicalId":240693,"journal":{"name":"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)","volume":"90 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121336849","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信