Abstract
This paper considers a coalition $C$ of enterprises $\{E_1, \ldots, E_n\}$, which is to be governed by a coalition policy $P_C$, and where each member-enterprise $E_i$ has its own internal policy $P_i$ that regulates its participation in the coalition. The main question addressed in this paper is how these three policies can be brought to bear on a single transaction, given that the two internal policies $P_i$ and $P_j$ may be formulated independently of each other, and may be considered confidential by the respective enterprises. We provide an answer to this question via a concept of policy-hierarchy, introduced into a regulatory mechanism called Law-Governed Interaction (LGI).
Work supported in part by NSF grant No. CCR-98-03698
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ao, X., Minsky, N.H. (2003). Flexible Regulation of Distributed Coalitions. In: Snekkenes, E., Gollmann, D. (eds) Computer Security – ESORICS 2003. ESORICS 2003. Lecture Notes in Computer Science, vol 2808. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39650-5_3
DOI: https://doi.org/10.1007/978-3-540-39650-5_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20300-1
Online ISBN: 978-3-540-39650-5
eBook Packages: Springer Book Archive