Entry Zhang:2008:TUB from tissec.bib

Last update: Sun Oct 15 02:58:48 MDT 2017                Valid HTML 3.2!

Index sections

Top | Symbols | Numbers | Math | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

BibTeX entry

@Article{Zhang:2008:TUB,
  author =       "Xinwen Zhang and Masayuki Nakae and Michael J.
                 Covington and Ravi Sandhu",
  title =        "Toward a {Usage-Based Security Framework} for
                 {Collaborative Computing Systems}",
  journal =      j-TISSEC,
  volume =       "11",
  number =       "1",
  pages =        "3:1--3:??",
  month =        feb,
  year =         "2008",
  CODEN =        "ATISBQ",
  DOI =          "https://doi.org/10.1145/1330295.1330298",
  ISSN =         "1094-9224 (print), 1557-7406 (electronic)",
  ISSN-L =       "1094-9224",
  bibdate =      "Thu Jun 12 17:52:35 MDT 2008",
  bibsource =    "http://portal.acm.org/;
                 http://www.math.utah.edu/pub/tex/bib/tissec.bib",
  abstract =     "Collaborative systems such as Grids provide efficient
                 and scalable access to distributed computing
                 capabilities and enable seamless resource sharing
                 between users and platforms. This heterogeneous
                 distribution of resources and the various modes of
                 collaborations that exist between users, virtual
                 organizations, and resource providers require scalable,
                 flexible, and fine-grained access control to protect
                 both individual and shared computing resources. In this
                 article we propose a usage control (UCON) based
                 security framework for collaborative applications, by
                 following a layered approach with policy, enforcement,
                 and implementation models, called the PEI framework. In
                 the policy model layer, UCON policies are specified
                 with predicates on subject and object attributes, along
                 with system attributes as conditional constraints and
                 user actions as obligations. General attributes include
                 not only persistent attributes such as role and group
                 memberships but also mutable usage attributes of
                 subjects and objects. Conditions in UCON can be used to
                 support context-based authorizations in ad hoc
                 collaborations. In the enforcement model layer, our
                 novel framework uses a hybrid approach for subject
                 attribute acquisition with both push and pull modes. By
                 leveraging attribute propagations between a centralized
                 attribute repository and distributed policy decision
                 points, our architecture supports decision continuity
                 and attribute mutability of the UCON policy model, as
                 well as obligation evaluations during policy
                 enforcement. As a proof-of-concept, we implement a
                 prototype system based on our proposed architecture and
                 conduct experimental studies to demonstrate the
                 feasibility and performance of our approach.",
  acknowledgement = ack-nhfb,
  articleno =    "3",
  fjournal =     "ACM Transactions on Information and System Security",
  journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J789",
  keywords =     "access control; Authorization; collaborative
                 computing; security architecture; UCON; usage control",
}

Related entries