A policy framework for management of distributed systems


[1]  Antonio Corradi,et al.  A flexible access control service for Java mobile code , 2000, Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00).

[2]  R.W. Baldwin,et al.  Naming and grouping privileges to simplify security management in large databases , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[3]  Konstantin Beznosov,et al.  Supporting relationships in access control using role based access control , 1999, RBAC '99.

[4]  John Derrick,et al.  Formalising ODP enterprise policies , 1999, Proceedings Third International Enterprise Distributed Object Computing. Conference (Cat. No.99EX366).

[5]  Emil C. Lupu,et al.  Ponder: realising enterprise viewpoint concepts , 2000, Proceedings Fourth International Enterprise Distributed Objects Computing Conference. EDOC2000.

[6]  Allen B. Tucker,et al.  Authentication, Access Control, and Intrusion Detection , 2004 .

[7]  John Strassner,et al.  Policy Framework Definition Language , 1998 .

[8]  Sebastian Abeck,et al.  Integrated Management of Networked Systems: Concepts, Architectures and their Operational Application , 1999 .

[9]  Mark Burgess.  Recent Developments in Cfengine , 2001 .

[10]  Alwyn Langsford.  OSI management model and standards , 1994 .

[11]  Elisa Bertino,et al.  Exception-based information flow control in object-oriented systems , 1998, TSEC.

[12]  Stuart Kent,et al.  Interpreting the object constraint language , 1998, Proceedings 1998 Asia Pacific Software Engineering Conference (Cat. No.98EX240).

[13]  Emil C. Lupu,et al.  Ponder: A Language for Specifying Security and Management Policies for Distributed Systems , 2000 .

[14]  Mark Burgess,et al.  A Site Configuration Engine , 1995, Comput. Syst..

[15]  Sushil Jajodia,et al.  A logical language for expressing authorizations , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[16]  Jonathan D. Moffett,et al.  Control principles and role hierarchies , 1998, RBAC '98.

[17]  Geoffrey G. Xie,et al.  Network policy languages: a survey and a new approach , 2001, IEEE Netw..

[18]  Tobin J. Lehman,et al.  T Spaces : The Next Wave , 2004 .

[19]  Martin Gogolla,et al.  On Formalizing the UML Object Constraint Language OCL , 1998, ER.

[20]  Emil C. Lupu,et al.  Role-based security for distributed object systems , 1996, Proceedings of WET ICE '96. IEEE 5th Workshop on Enabling Technologies; Infrastructure for Collaborative Enterprises.

[21]  Rodolphe Ortalo,et al.  A Flexible Method for Information System Security Policy Specification , 1998, ESORICS.

[22]  Fang Chen,et al.  Constraints for role-based access control , 1996, RBAC '95.

[23]  Dan Thomsen,et al.  Role based access control framework for network enterprises , 1998, Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217).

[24]  John D. Howard,et al.  An analysis of security incidents on the Internet 1989-1995 , 1998 .

[25]  Alexander Knapp,et al.  On the Expressive Power of Pure OCL , 2001 .

[26]  Marco Casassa Mont,et al.  POWER prototype: towards integrated policy-based management , 2000, NOMS 2000. 2000 IEEE/IFIP Network Operations and Management Symposium 'The Networked Planet: Management Beyond 2000' (Cat. No.00CB37074).

[27]  Aashu Virmani,et al.  Netmon: network management for the SARAS softswitch , 2000, NOMS 2000. 2000 IEEE/IFIP Network Operations and Management Symposium 'The Networked Planet: Management Beyond 2000' (Cat. No.00CB37074).

[28]  Ravi S. Sandhu,et al.  Role activation hierarchies , 1998, RBAC '98.

[29]  Rosanna Lee,et al.  Schema for Representing Java(tm) Objects in an LDAP Directory , 1999, RFC.

[30]  Emil C. Lupu,et al.  A policy deployment model for the Ponder language , 2001, 2001 IEEE/IFIP International Symposium on Integrated Network Management Proceedings. Integrated Network Management VII. Integrated Management Strategies for the New Millennium (Cat. No.01EX470).

[31]  David D. Clark,et al.  A Comparison of Commercial and Military Computer Security Policies , 1987, 1987 IEEE Symposium on Security and Privacy.

[32]  P. Hyland.  Management of Network Security Applications , 1998 .

[33]  James Bret Michael,et al.  Natural-language processing support for developing policy-governed software systems , 2001, Proceedings 39th International Conference and Exhibition on Technology of Object-Oriented Languages and Systems. TOOLS 39.

[34]  Ross J. Anderson,et al.  A security policy model for clinical information systems , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[35]  André Zúquete,et al.  Enforcing Obligation with Security Monitors , 2001, ICICS.

[36]  M. Sloman,et al.  Domains: a framework for structuring management policy , 1994 .

[37]  Sabrina De Capitani di Vimercati,et al.  Access Control: Policies, Models, and Mechanisms , 2000, FOSAD.

[38]  Mark Burgess,et al.  Predictable configuration management in a randomized scheduling framework , 2001, DSOM.

[39]  Morris Sloman,et al.  An architecture for managing distributed systems , 1993, 1993 4th Workshop on Future Trends of Distributed Computing Systems.

[40]  Virgil D. Gligor,et al.  Characteristics of role-based access control , 1996, RBAC '95.

[41]  Roshan K. Thomas,et al.  Team-based access control (TMAC): a primitive for applying role-based access controls in collaborative environments , 1997, RBAC '97.

[42]  Frank Stajano,et al.  Security policies , 2001, Adv. Comput..

[43]  Stephen B. Maurer.  Directed Acyclic Graphs , 2003 .

[44]  Emil C. Lupu,et al.  The Ponder Policy Specification Language , 2001, POLICY.

[45]  Tim Howes,et al.  Lightweight Directory Access Protocol (v3) , 1997, RFC.

[46]  Jorge Lobo,et al.  A Logic Programming Approach to Conflict Resolution in Policy Management , 2000, KR.

[47]  Ramana Rao,et al.  A focus+context technique based on hyperbolic geometry for visualizing large hierarchies , 1995, CHI '95.

[48]  Gail-Joon Ahn,et al.  The RSL99 language for role-based separation of duty constraints , 1999, RBAC '99.

[49]  Arnon Rosenthal,et al.  Flexible Security Policies in SQL , 2001, DBSec.

[50]  Vijay Varadharajan,et al.  Elements of a Language for Role-Based Access Control , 2000, SEC.

[51]  Vijay Varadharajan,et al.  Joint actions based authorization schemes , 1996, OPSR.

[52]  John Derrick,et al.  ODP enterprise viewpoint specification , 2000 .

[53]  Joan Feigenbaum,et al.  The Role of Trust Management in Distributed Systems Security , 2001, Secure Internet Programming.

[54]  P. Samarati,et al.  Access control: principle and practice , 1994, IEEE Communications Magazine.

[55]  Morris Sloman,et al.  GEM: a generalized event monitoring language for distributed systems , 1997, Distributed Syst. Eng..

[56]  Amir Herzberg,et al.  Access control meets public key infrastructure, or: assigning roles to strangers , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[57]  Nikolaos Yialelis.  Domain-based security for distributed object systems , 1996 .

[58]  Elisa Bertino,et al.  TRBAC: a temporal role-based access control model , 2000, RBAC '00.

[59]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[60]  Damian A. Marriott.  Policy Service for Distributed Systems , 1997 .

[61]  Jean Bacon,et al.  Generic Support for Distributed Applications , 2000, Computer.

[62]  Morris Sloman,et al.  MANAGING SECURITY IN OBJECT-BASED DISTRIBUTED SYSTEMS USING PONDER , 2000 .

[63]  Karl N. Levitt,et al.  Security Policy Specification Using a Graphical Approach , 1998, ArXiv.

[64]  Morris Sloman,et al.  Implementation of a Management Agent for Interpreting Obligation Policy , 1996 .

[65]  Vipin Chaudhary,et al.  History-based access control for mobile code , 1998, CCS '98.

[66]  J. Doug Tygar,et al.  Miró: Visual Specification of Security , 1990, IEEE Trans. Software Eng..

[67]  Emil C. Lupu,et al.  A role based framework for distributed systems management , 1998 .

[68]  G.J. Minden,et al.  A survey of active network research , 1997, IEEE Communications Magazine.

[69]  Emil C. Lupu,et al.  Conflicts in Policy-Based Distributed Systems Management , 1999, IEEE Trans. Software Eng..

[70]  Jean Bacon,et al.  An Architecture for Distributed OASIS Services , 2000, Middleware.

[71]  Mark Skall,et al.  Role-Based Access Control for the Web , 1998 .

[72]  Jorge Lobo,et al.  A Policy Description Language , 1999, AAAI/IAAI.

[73]  Morris Sloman,et al.  A survey of trust in internet applications , 2000, IEEE Communications Surveys & Tutorials.

[74]  Yi Deng,et al.  A framework for implementing role-based access control using CORBA security service , 1999, RBAC '99.

[75]  Emil C. Lupu,et al.  A Policy Language for the Management of Distributed Agents , 2001, AOSE.

[76]  Dinesh C. Verma,et al.  Policy Based SLA Management in Enterprise Networks , 2001, POLICY.

[77]  Tim Howes,et al.  Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions , 1997, RFC.

[78]  David M. Chess,et al.  Security Issues in Mobile Code Systems , 1998, Mobile Agents and Security.

[79]  Vijay Varadharajan,et al.  Tower: A Language for Role Based Access Control , 2001, POLICY.

[80]  Herbert Bos.  Application-specific policies: beyond the domain boundaries , 1999, Integrated Network Management VI. Distributed Management for the Networked Millennium. Proceedings of the Sixth IFIP/IEEE International Symposium on Integrated Network Management. (Cat. No.99EX302).

[81]  Elisa Bertino,et al.  An access control model supporting periodicity constraints and temporal reasoning , 1998, TODS.

[82]  Sushil Jajodia,et al.  Flexible support for multiple access control policies , 2001, TODS.

[83]  André Zúquete,et al.  SPL: An Access Control Language for Security Policies and Complex Constraints , 2001, NDSS.

[84]  Jean-Pierre Hubaux,et al.  A Survey of Distributed Enterprise Network and Systems Management Paradigms , 1999, Journal of Network and Systems Management.

[85]  Matthew Hennessy,et al.  Semantics of programming languages - an elementary introduction using structural operational semantics , 1990 .

[86]  Daniel Jackson,et al.  Some Shortcomings of OCL, the Object Constraint Language of UML , 2000, TOOLS.

[87]  A. Baldwin,et al.  Role of Policies in a Distributed Trust Framework , 1999 .

[88]  Laurie J. Hendren,et al.  SableCC, an object-oriented compiler framework , 1998, Proceedings. Technology of Object-Oriented Languages. TOOLS 26 (Cat. No.98EX176).

[89]  Kenneth Slonneger,et al.  Formal syntax and semantics of programming languages , 1994 .

[90]  R. Sandhu,et al.  Access control: principles and practice , 1994, IEEE Commun. Mag..

[91]  Daniel Jackson,et al.  Alloy: a lightweight object modelling notation , 2002, TSEM.

[92]  Joan Feigenbaum,et al.  KeyNote: Trust Management for Public-Key Infrastructures (Position Paper) , 1998, Security Protocols Workshop.

[93]  Philippe A. Janson.  Security for management and management of security , 1994 .

[94]  Zhao Jing-kai.  Access Control in an Open Distributed Environment , 2004 .

[95]  Morris Sloman,et al.  Policies Hierarchies for Distributed Systems Management , 1993, IEEE J. Sel. Areas Commun..

[96]  Ravi S. Sandhu,et al.  The NIST model for role-based access control: towards a unified standard , 2000, RBAC '00.

[97]  Andrew C. Myers,et al.  A decentralized model for information flow control , 1997, SOSP.

[98]  Emil C. Lupu,et al.  Tools for domain-based policy management of distributed systems , 2002, NOMS 2002. IEEE/IFIP Network Operations and Management Symposium. 'Management Solutions for the New Communications World' (Cat. No.02CH37327).

[99]  Dinesh C. Verma,et al.  Policy-Based Networking: Architecture and Algorithms , 2000 .

[100]  Paul Monday,et al.  The Jiro Technology Programmer's Guide and Federated Management Architecture , 2001 .

[101]  Abe Lockman,et al.  Ensuring integrity by adding obligations to privileges , 1985, ICSE '85.

[102]  Daniel Jackson,et al.  Alcoa: the Alloy constraint analyzer , 2000, Proceedings of the 2000 International Conference on Software Engineering. ICSE 2000 the New Millennium.

[103]  Antonio Corradi,et al.  Policy-Driven Management of Agent Systems , 2001, POLICY.

[104]  Martín Abadi,et al.  A calculus for access control in distributed systems , 1991, TOPL.

[105]  Emil C. Lupu,et al.  Reconciling role based management and role based access control , 1997, RBAC '97.