Abstract
In enterprise applications, regulatory and business policies are shifting their semantics from access control to usage control requirements. The aim of such policies is to constrain the usage of groups of resources based on complex conditions that require not only state-keeping but also automatic reaction to state changes. We argue that these policies instantiate usage control requirements that can be enforced at the infrastructure layer. Extending a policy language that we prove equivalent to an enhanced version of the UCON model, we build on an instrumented message bus to enact these policies.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gheorghe, G., Mori, P., Crispo, B., Martinelli, F. (2010). Enforcing UCON Policies on the Enterprise Service Bus. In: Meersman, R., Dillon, T., Herrero, P. (eds) On the Move to Meaningful Internet Systems, OTM 2010. OTM 2010. Lecture Notes in Computer Science, vol 6427. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16949-6_14
DOI: https://doi.org/10.1007/978-3-642-16949-6_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16948-9
Online ISBN: 978-3-642-16949-6
eBook Packages: Computer Science, Computer Science (R0)