发布求助
文献互助 智能选刊 最新文献

Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)最新文献

筛选
英文 中文
Privacy in the Semantic Web: What Policy Languages Have to Offer 语义网中的隐私:策略语言必须提供什么
Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07) Pub Date : 2007-06-13 DOI: 10.1109/POLICY.2007.39
Claudiu Duma, Almut Herzog, N. Shahmehri
{"title":"Privacy in the Semantic Web: What Policy Languages Have to Offer","authors":"Claudiu Duma, Almut Herzog, N. Shahmehri","doi":"10.1109/POLICY.2007.39","DOIUrl":"https://doi.org/10.1109/POLICY.2007.39","url":null,"abstract":"Uncontrolled disclosure of sensitive information during electronic transactions may expose users to threats like loss of privacy and identity theft. The means envisioned for addressing protection of security and privacy in the context of the Semantic Web are policy languages for trust establishment and management. Although a number of policy languages have been proposed, it is unclear how well each language can address users' privacy concerns. The contribution of this work is an independent, scenario-based comparison of six prominent policy languages, namely Protune, Rei, Ponder, Trust-X, KeyNote and P3P-APPEL, with respect to the needs that users have in protecting their personal, sensitive data. We present how each language addresses access control for objects, such as user credentials and sensitive policies. We evaluate how each language defines or imports hierarchies of resources, whether the language supports protection of user information after it has been released, whether the language supports the principle of least privilege and more. The evaluation is not only an analytical literature study but also rich in actual implementations in all six languages.","PeriodicalId":240693,"journal":{"name":"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129669488","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 47
Deriving Enforcement Mechanisms from Policies 从政策派生执行机制
Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07) Pub Date : 2007-06-13 DOI: 10.1109/POLICY.2007.15
H. Janicke, A. Cau, F. Siewe, H. Zedan
{"title":"Deriving Enforcement Mechanisms from Policies","authors":"H. Janicke, A. Cau, F. Siewe, H. Zedan","doi":"10.1109/POLICY.2007.15","DOIUrl":"https://doi.org/10.1109/POLICY.2007.15","url":null,"abstract":"Policies provide a flexible and scalable approach to the management of distributed systems by separating the specification of security requirements and their enforcement Over the years the expressiveness of policy languages increased considerably making it possible to capture a variety of complex requirements that for example depend on the history of the system execution. The most important criteria for the successful operation of policy-managed systems is whether the deployed enforcement mechanisms can guarantee the compliance with the policies. With the expressiveness of policy languages this assurance is increasingly difficult to achieve. In this paper we therefore address the development of enforcement mechanisms from a theoretical perspective and show how enforcement code can be formally derived for compositional, history-dependent policies that can change dynamically over time or on the occurrence of events.","PeriodicalId":240693,"journal":{"name":"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)","volume":"60 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126523275","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 25
Authorisation and Conflict Resolution for Hierarchical Domains 分层域的授权和冲突解决
Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07) Pub Date : 2007-06-01 DOI: 10.1109/POLICY.2007.8
G. Russello, Changyu Dong, Naranker Dulay
{"title":"Authorisation and Conflict Resolution for Hierarchical Domains","authors":"G. Russello, Changyu Dong, Naranker Dulay","doi":"10.1109/POLICY.2007.8","DOIUrl":"https://doi.org/10.1109/POLICY.2007.8","url":null,"abstract":"In this paper we generalise the authorisation policy model supported by the Ponder policy language for hierarchically organised domains of managed objects to support subject-based policies and return policies. We describe the authorisation conflicts that can occur and present a strategy to automatically resolve them. In our model each action has four endpoints: the subject call, the subject return, the target call and the target return. Each endpoint can have associated policies which are used to define constraints on which subjects are permitted to call which targets, and what is permitted to be transferred between subjects and targets. Subject-based policies aim to protect the subject from untrusted targets, while target-based policies aim to protect the target from unauthorised subjects. Subject-based policies are defined for and enforced by the subject's PEP, while target-based policies are defined for and enforced by the target's PEP. Although subject-based and target-based policies are separated, they are uniformly specified in our framework.","PeriodicalId":240693,"journal":{"name":"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117323487","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 69
Identity Delegation in Policy Based Systems 基于策略系统中的身份委托
Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07) Pub Date : 2006-06-12 DOI: 10.1109/POLICY.2007.26
Rajeev Gupta, Shourya Roy, M. Bhide
{"title":"Identity Delegation in Policy Based Systems","authors":"Rajeev Gupta, Shourya Roy, M. Bhide","doi":"10.1109/POLICY.2007.26","DOIUrl":"https://doi.org/10.1109/POLICY.2007.26","url":null,"abstract":"Policy based systems have received considerable attention in the recent past from academia as well as the industry. Research on policy based systems encompasses a gamut of areas such as: models and languages for policy based systems, policy standards, domain specific implementations, policy tools etc. However an important issue, which did not receive much attention from researchers, is that of access control for policy execution. In this paper we present the concept of \"identity delegation\" which involves finding the 'correct' users/ identities, to whom task of policy execution can be delegated. Policies are generally defined by high level business executives (policy authors) and are implemented by policy enforcers who have sufficient access rights on the underlying systems. Given the increasing complexity of enterprise systems, we show in this paper that finding the right policy enforcers for a policy can be a fairly non-trivial task. We address this important problem by proposing a unique concept of 'implicit identity delegation', whereby an autonomic system automatically figures out the correct policy enforcers and implicitly delegates the task of policy execution. We present the Implicit Identity Delegation architecture which boasts of an efficient technique for performing implicit identity delegation and uses a plugin based architecture ensuring its applicability and use in diverse domains.","PeriodicalId":240693,"journal":{"name":"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-06-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131178062","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
首页 上一页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信