A technical architecture for enforcing usage control requirements in service-oriented architectures

We present an approach to modeling and enforcing usage control requirements on remote clients in service-oriented architectures. Technically, this is done by leveraging a trusted software stack relying on a hardware-based root of trust and a trusted Java virtual machine to create a measurable and hence trust worthy client-side application environment. We define a model-driven approach to specifying remote policies that makes the technical intricacies of the target platform transparent to the policy modeler.

[1]  Donald E. Eastlake,et al.  XML-Signature Syntax and Processing , 2001, RFC.

[2]  Ruth Breu,et al.  Actor-Centric Modeling of User Rights , 2004, FASE.

[3]  Trent Jaeger,et al.  Design and Implementation of a TCG-based Integrity Measurement Architecture , 2004, USENIX Security Symposium.

[4]  Christian Schaefer,et al.  A Policy Language for Distributed Usage Control , 2007, ESORICS.

[5]  Ruth Breu,et al.  Modeling permissions in a (U/X)ML world , 2006, First International Conference on Availability, Reliability and Security (ARES'06).

[6]  Christian Schaefer,et al.  Usage Control Requirements in Mobile and Ubiquitous Computing Applications , 2006, 2006 International Conference on Systems and Networks Communications (ICSNC'06).

[7]  SandhuRavi,et al.  The UCONABC usage control model , 2004 .

[8]  Ruth Breu,et al.  Towards a MOF/QVT-Based domain architecture for model driven security , 2006, MoDELS'06.

[9]  Ravi S. Sandhu,et al.  Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing , 2006, IWSEC.

[10]  Michael Franz,et al.  Semantic remote attestation: a virtual machine directed approach to trusted computing , 2004 .

[11]  丸山 宏,et al.  安全なジョブの遠隔実行を可能にするTrusted Platform on demand , 2004 .

[12]  Jean Jacques Moreau,et al.  SOAP Version 1. 2 Part 1: Messaging Framework , 2003 .

[13]  D. Eastlake,et al.  XML Encryption Syntax and Processing , 2003 .

[14]  Daniel Roth,et al.  Web Services Policy Framework (WS- Policy) , 2002 .

[15]  M. Breu,et al.  Model driven security for Web services (MDS4WS) , 2004, 8th International Multitopic Conference, 2004. Proceedings of INMIC 2004..

[16]  Trent Jaeger,et al.  PRIMA: policy-reduced integrity measurement architecture , 2006, SACMAT '06.

[17]  Ahmad-Reza Sadeghi,et al.  Property-based attestation for computing platforms: caring about properties, not mechanisms , 2004, NSPW '04.

[18]  Siani Pearson,et al.  Trusted Computing Platforms: TCPA Technology in Context , 2002 .

[19]  Ross J. Anderson,et al.  Security in open versus closed systems - the dance of Boltzmann , 2002 .

[20]  Tim Ebringer,et al.  WS-attestation: efficient and fine-grained remote attestation on Web services , 2005, IEEE International Conference on Web Services (ICWS'05).

[21]  Alexander Pretschner,et al.  Usage Control in Service-Oriented Architectures , 2007, TrustBus.

[22]  Trent Jaeger,et al.  Attestation-based policy enforcement for remote access , 2004, CCS '04.