Abstract
The security of modern networked applications, such as the information infrastructure of medical institutions or commercial enterprises, requires increasingly sophisticated access control (AC) that can support global, enterprise-wide policies that are sensitive to the history of interaction. The Law-Governed Interaction (LGI) mechanism supports such policies, but so far only for asynchronous message passing communication. This paper extends LGI to synchronous communication, thus providing advanced control over this important and popular mode of communication. Among the novel characteristics of this control are: the regulation of both the request and the reply, separately, but in a coordinated manner; regulated timeout capability provided to clients, in a manner that takes into account the concerns of their server; and enforcement on both the client and server sides.
Work supported in part by NSF grant No. CCR-04-10485.
Copyright information
© 2006 IFIP International Federation for Information Processing
About this paper
Cite this paper
Serban, C., Minsky, N. (2006). Generalized Access Control of Synchronous Communication. In: van Steen, M., Henning, M. (eds) Middleware 2006. Middleware 2006. Lecture Notes in Computer Science, vol 4290. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11925071_15
DOI: https://doi.org/10.1007/11925071_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-49023-4
Online ISBN: 978-3-540-68256-1
eBook Packages: Computer Science, Computer Science (R0)