Policy-driven access control over a distributed firewall architecture

Motivated by a scientific application in which virtual organisations are dynamically created to achieve specific goals by sharing resources and information, we propose the synthesis of two lines of research: policy-based access control and distributed firewalls. Through this fusion we expect to deliver a scalable method of setting up security infrastructures for Grid computing.
