Enforcing UCON Policies on the Enterprise Service Bus

  • Conference paper
On the Move to Meaningful Internet Systems, OTM 2010 (OTM 2010)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 6427)

Abstract

In enterprise applications, regulatory and business policies are shifting their semantics from access control to usage control requirements. The aim of such policies is to constrain the usage of groups of resources based on complex conditions that require not only state-keeping but also automatic reaction to state changes. We argue that these policies instantiate usage control requirements that can be enforced at the infrastructure layer. Extending a policy language that we prove equivalent to an enhanced version of the UCON model, we build on an instrumented message bus to enact these policies.

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gheorghe, G., Mori, P., Crispo, B., Martinelli, F. (2010). Enforcing UCON Policies on the Enterprise Service Bus. In: Meersman, R., Dillon, T., Herrero, P. (eds) On the Move to Meaningful Internet Systems, OTM 2010. OTM 2010. Lecture Notes in Computer Science, vol 6427. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16949-6_14

  • DOI: https://doi.org/10.1007/978-3-642-16949-6_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16948-9

  • Online ISBN: 978-3-642-16949-6

  • eBook Packages: Computer Science (R0)
