A Specification Language for Distributed Policy Control

In this paper, we discuss a distributed policy control model in which each object has its own policy and objects' behaviors are autonomously controlled based on those policies when they interact with one another. First, the paper proposes a policy specification language suitable for distributed policy control. The operational semantics of the language is formally defined. Based on the formal semantics, we propose a runtime policy control mechanism for interpreting a given policy specification and sequencing method execution.
