Abstract
This paper introduces an abstract reference model, called interaction control (IC), for the governance of large and heterogeneous distributed systems. This model goes well beyond conventional access control, along a number of dimensions. In particular, the IC model has the following characteristics: (1) it is inherently decentralized, and thus scalable even for a wide range of stateful policies; (2) it is very general, and not biased toward any particular type of policies; thus providing a significant realization of the age-old principle of separation of policy from mechanism; and (3) it enables flexible, composition-free, interoperability between different policies.
The IC model, which is an abstraction of a mechanism called law-governed interaction (LGI), has been designed as a minimalist reference model that can be reified into a whole family of potential control mechanisms that may support different types of communication, with different performance requirements and for different application domains.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Ao, X., Minsky, N., Ungureanu, V.: Formal treatment of certificate revocation under communal access control. In: Proc. of the 2001 IEEE Symposium on Security and Privacy, Oakland California (May 2001)
Ao, X., Minsky, N.H.: Flexible Regulation of Distributed Coalitions. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 39–60. Springer, Heidelberg (2003)
Ao, X., Minsky, N.H.: On the role of roles: from role-based to role-sensitive access control. In: Proc. of the 9th ACM Symposium on Access Control Models and Technologies, Yorktown Hights, NY, USA (June 2004)
Ao, X., Minsky, N.H.: Regulated delegation in distributed systems. In: Proc. of the IEEE 7th International Workshop on Policies for Distributed Systems and Networks, London, Ontario, Canada (June 2006)
Arbaugh, W., Farber, D., Smith, J.: A secure and reliable bootstrap architecture. In: Proceedings of 1997 IEEE Symposium on Security and Privacy (1997)
Bandmann, O., Dam, M., Babak, S.F.: Constrained delegations. In: proceedings of 2002 IEEE Symposium on Security and Privacy (May 2002)
Barkley, J., Beznosov, K., Uppal, J.: Supporting relationships in access control using role based access control. In: Proceedings of the Fourth ACM Workshop on Role-Based Access Control, pp. 55–65 (October 1999)
Bell, D.E., LaPadula, L.J.: Secure computer systems: Mathematical foundations and model. Technical Report M74-244, Mitre Corp. (August 1975)
Bertino, E., Bonatti, P.A., Ferrari, E.: Trbac: A temporal role-based access control model. ACM Tran. on Information and System Security 4(3) (2001)
Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A.: The keynote trust-management systems, version 2. ietf rfc 2704 (September 1999)
Coetzee, M., Eloff, J.H.P.: Virtual enterprise access control requirements. In: Proceedings of SAICSIT 2003 Conference, pp. 285–294. ACM (2003)
Dudheria, R., Trappe, W., Minsky, N.: Coordination and control in mobile ubiquitous computing applications using law governed interaction. In: Proc. of the Fourth International Conference on Mobile Ubiquitous Computing, Systems, Services and Technologies (UBICOMM) Florence, Italy (October 2010)
Giuri, L., Iglio, P.: Role templates for content-based access control. In: Proc. of the ACM Workshop on Role-Based Access Control, RBAC 1997 (1997)
Godic, S., Moses, T.: Oasis extensible access control. markup language (xacml), version 2. Technical report, Oasis (March 2005)
He, Z., Phan, T., Nguyen, T.D.: Enforcing enterprise-wide policies over standard client-server interactions. In: Proc. of the Symp. on Reliable Distributed Systems, SRDS (2005)
Jajodia, S., Samarati, P., Sapino, M.L., Subramanian, V.S.: Flexible support for multiple access control policies. ACM Trans. on Database Systems 26(2) (June 2001)
Joshi, J.B.D., Bertino, E., Sahfiq, B., Ghafoor, A.: Dependencies and separation of duty constraints in gtrbac. In: Proceedings of the 8th ACM Symposium on Access Control Models and Technologies, SACMAT 2003 (2003)
Lampson, B.W.: Protection. In: Proceedings of 5th Princeton Symposium on Information Sciences and Systems, pp. 437–443 (March 1971); Reprinted in ACM Operating Sysytems Revue 8(1), 18–24 (1974)
Li, N., Grosof, B.N., Feigenbaum, J.: Delegation logic: A logic-based approach to distributed authorization. ACM Transaction on Information and System Security (TISSEC), 128–171 (February 2003)
McDaniel, P., Prakash, A.: Methods and limitations of security policy reconciliation. In: Proc. of the IEEE Symp on Security and Privacy (May 2002)
Minsky, N.H.: Regularity-Based Trust in Cyberspace. In: Nixon, P., Terzis, S. (eds.) iTrust 2003. LNCS, vol. 2692, pp. 17–32. Springer, Heidelberg (2003)
Naftaly, H.: Minsky. The imposition of protocols over open distributed systems. IEEE Transactions on Software Engineering (February 1991)
Naftaly, H.: Minsky. A decentralized treatment of a highly distributed chinese-wall policy. In: Proc. of the IEEE 5th Int. Workshop on Policies for Distributed Systems and Networks, Yorktown Hights, NY, USA (June 2004)
Minsky, N.H.: Law Governed Interaction (LGI): A Distributed Coordination and Control Mechanism (An Introduction, and a Reference Manual) (February 2006)
Minsky, N.H., Ungureanu, V.: Law-governed interaction: a coordination and control mechanism for heterogeneous distributed systems. TOSEM, ACM Transactions on Software Engineering and Methodology 9(3), 273–305 (2000)
Moyer, M.J., Abamad, M.: Generalized role-based access control. In: Proc. of the 21st Intern. Conf. on Distributed Computing Systems, pp. 391–398 (2001)
Osborn, S., Sandhu, R., Munawer, Q.: Configuring role-based access control to enforce mandatory and discretionary access control policies. ACM Transactions on Information and System Security 3(2), 85–106 (2000)
Ribeiro, C., Ferreira, P.: A policy-oriented language for expressing security specifications. International Journal of Network Security 5(3) (November 2007)
Sandhu, R.S., Ferraiolo, D., Kuhn, R.: The nist model for role-based access control: Towards a unified standard. In: Proceedings of ACM Workshop on Role-Based Access Control. ACM (2000)
Schneider, F.B. (ed.): Trust in Cyberspace. National Academy Press (1999)
Ungureanu, V., Minsky, N.H.: Establishing Business Rules for Inter-Enterprise Electronic Commerce. In: Herlihy, M.P. (ed.) DISC 2000. LNCS, vol. 1914, pp. 179–193. Springer, Heidelberg (2000)
Wulf, W., Cohen, E., Corwin, W., Jones, A., Levin, C., Pierson, C., Pollack, F.: Hydra: The kernel of a multiprocessor operating system. CACM 17, 337–345 (1974)
Zhang, W., Serban, C., Minsky, N.H.: Establishing Global Properties of Multi-Agent Systems Via Local Laws. In: Weyns, D., Van Dyke Parunak, H., Michel, F. (eds.) E4MAS 2006. LNCS (LNAI), vol. 4389, pp. 170–183. Springer, Heidelberg (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Minsky, N.H. (2012). Decentralized Governance of Distributed Systems via Interaction Control. In: Artikis, A., Craven, R., Kesim Çiçekli, N., Sadighi, B., Stathis, K. (eds) Logic Programs, Norms and Action. Lecture Notes in Computer Science(), vol 7360. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29414-3_20
Download citation
DOI: https://doi.org/10.1007/978-3-642-29414-3_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29413-6
Online ISBN: 978-3-642-29414-3
eBook Packages: Computer ScienceComputer Science (R0)