Cooperative security administration in multi-security-domain environments using a variant of deontic logic

Scientia Iranica - Volume 19 - Pages 635-653 - 2012
M. Amini (1), R. Jalili (2), M.A. Ehsan (1), F. Faghih (1)
(1) Sharif Data & Network Security Lab (DNSL), Department of Computer Engineering, Sharif University of Technology, Tehran, P.O. Box 11155-9517, Iran
(2) Department of Computer Engineering, Sharif University of Technology, Tehran, P.O. Box 11155-9517, Iran
