Flexible Regulation of Distributed Coalitions

This paper considers a coalition C of enterprises {E_1, ..., E_n}, which is to be governed by a coalition policy P_C, and where each member enterprise E_i has its own internal policy P_i that regulates its participation in the coalition. The main question addressed in this paper is how these three policies can be brought to bear on a single transaction, given that the two internal policies P_i and P_j may be formulated independently of each other and may be considered confidential by the respective enterprises. We provide an answer to this question via a concept of policy hierarchy, introduced into a regulatory mechanism called Law-Governed Interaction (LGI).
