Generalized Access Control of Synchronous Communication

The security of modern networked applications, such as the information infrastructure of medical institutions or commercial enterprises, requires increasingly sophisticated access control (AC) that can support global, enterprise-wide policies that are sensitive to the history of interaction. The Law-Governed Interaction (LGI) mechanism supports such policies, but so far only for asynchronous message passing communication. This paper extends LGI to synchronous communication, thus providing advanced control over this important and popular mode of communication. Among the novel characteristics of this control are: the regulation of both the request and the reply, separately, but in a coordinated manner; regulated timeout capability provided to clients, in a manner that takes into account the concerns of their server; and enforcement on both the client and server sides.

[1]  Victoria Ungureanu,et al.  Law-governed interaction: a coordination and control mechanism for heterogeneous distributed systems , 2000, TSEM.

[2]  J. Feigenbaum,et al.  The KeyNote trust management system version2, IETF RFC 2704 , 1999 .

[3]  David D. Clark,et al.  A Comparison of Commercial and Military Computer Security Policies , 1987, 1987 IEEE Symposium on Security and Privacy.

[4]  Ronald L. Rivest,et al.  The MD5 Message-Digest Algorithm , 1992, RFC.

[5]  UngureanuVictoria,et al.  Law-governed interaction , 2000 .

[6]  Simon N. Foley The specification and implementation of “commercial” security requirements including dynamic segregation of duties , 1997, CCS '97.

[7]  Günter Karjoth The Authorization Service of Tivoli Policy Director , 2001, Seventeenth Annual Computer Security Applications Conference.

[8]  Yi Deng,et al.  A framework for implementing role-based access control using CORBA security service , 1999, RBAC '99.

[9]  Bronis R. de Supinski,et al.  OpenMP Shared Memory Parallel Programming - International Workshops, IWOMP 2005 and IWOMP 2006, Eugene, OR, USA, June 1-4, 2005, Reims, France, June 12-15, 2006. Proceedings , 2008, IWOMP.

[10]  Santosh K. Shrivastava,et al.  An examination of the transition of the Arjuna distributed transaction processing software from research to products , 2002, WIESS'02.

[11]  Carl Kesselman,et al.  The Nexus task-parallel runtime system , 1994 .

[12]  Naftaly H. Minsky,et al.  Flexible Regulation of Distributed Coalitions , 2003, ESORICS.

[13]  Dieter Gollmann,et al.  Computer Security – ESORICS 2003 , 2003, Lecture Notes in Computer Science.

[14]  Ross J. Anderson,et al.  A security policy model for clinical information systems , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[15]  Victoria Ungureanu,et al.  Formal treatment of certificate revocation under communal access control , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[16]  Andrew Birrell,et al.  Implementing remote procedure calls , 1984, TOCS.

[17]  D. Richard Kuhn,et al.  A role-based access control model and reference implementation within a corporate intranet , 1999, TSEC.

[18]  Matjaz B. Juric,et al.  CORBA , RMI and RMI-IIOP Performance Analysis and Optimization , 2000 .

[19]  Mitsuhisa Sato,et al.  OmniRPC: A Grid RPC Facility for Cluster and Global Computing in OpenMP , 2001, WOMPAT.

[20]  Tatyana Ryutov,et al.  Representation and evaluation of security policies for distributed system services , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.