A trust negotiation based security framework for service provisioning in load-balancing clusters

The OKKAM project aims at enabling the Web of Entities, a global digital space for publishing and managing information about entities. The project provides a scalable and sustainable infrastructure, called the Entity Name System (ENS), for the systematic reuse of global and unique entity identifiers. The ENS provides a collection of core services supporting the pervasive reuse of entity identifiers. The ENS is required to be a reliable, data-intensive load-balancing cluster system for service provisioning. Given the project's successful outcome, this paper presents the ENS security framework and shows how it enables scalable, secure service provisioning underpinned by trust-negotiation-based access control. A detailed security performance evaluation is given, supporting the conclusion that the security design and implementation are scalable and efficient.
