Entry Lee:2008:ESC from tissec.bib

Last update: Sun Oct 15 02:58:48 MDT 2017                Valid HTML 3.2!

Index sections

Top | Symbols | Numbers | Math | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

BibTeX entry

@Article{Lee:2008:ESC,
  author =       "Adam J. Lee and Marianne Winslett",
  title =        "Enforcing Safety and Consistency Constraints in
                 Policy-Based Authorization Systems",
  journal =      j-TISSEC,
  volume =       "12",
  number =       "2",
  pages =        "8:1--8:??",
  month =        dec,
  year =         "2008",
  CODEN =        "ATISBQ",
  DOI =          "https://doi.org/10.1145/1455518.1455520",
  ISSN =         "1094-9224 (print), 1557-7406 (electronic)",
  ISSN-L =       "1094-9224",
  bibdate =      "Tue Dec 23 11:58:14 MST 2008",
  bibsource =    "http://portal.acm.org/;
                 http://www.math.utah.edu/pub/tex/bib/tissec.bib",
  abstract =     "In trust negotiation and other forms of distributed
                 proving, networked entities cooperate to form proofs of
                 authorization that are justified by collections of
                 certified attribute credentials. These attributes may
                 be obtained through interactions with any number of
                 external entities and are collected and validated over
                 an extended period of time. Although these collections
                 of credentials in some ways resemble partial system
                 snapshots, current trust negotiation and distributed
                 proving systems lack the notion of a consistent global
                 state in which the satisfaction of authorization
                 policies should be checked. In this article, we argue
                 that unlike the notions of consistency studied in other
                 areas of distributed computing, the level of
                 consistency required during policy evaluation is
                 predicated solely upon the security requirements of the
                 policy evaluator. As such, there is little incentive
                 for entities to participate in complicated consistency
                 preservation schemes like those used in distributed
                 computing, distributed databases, and distributed
                 shared memory. We go on to show that the most intuitive
                 notion of consistency fails to provide basic safety
                 guarantees under certain circumstances and then propose
                 several more refined notions of consistency that
                 provide stronger safety guarantees. We provide
                 algorithms that allow each of these refined notions of
                 consistency to be attained in practice with minimal
                 overheads and formally prove several security and
                 privacy properties of these algorithms. Lastly, we
                 explore the notion of strategic design trade-offs in
                 the consistency enforcement algorithm space and propose
                 several modifications to the core algorithms presented
                 in this article. These modifications enhance the
                 privacy-preservation or completeness properties of
                 these algorithms without altering the consistency
                 constraints that they enforce.",
  acknowledgement = ack-nhfb,
  articleno =    "8",
  fjournal =     "ACM Transactions on Information and System Security",
  journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J789",
  keywords =     "consistency; credentials; distributed proving; trust
                 negotiation",
}

Related entries