Decentralized Governance of Distributed Systems via Interaction Control

  • Naftaly H. Minsky
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7360)


This paper introduces an abstract reference model, called interaction control (IC), for the governance of large and heterogeneous distributed systems. This model goes well beyond conventional access control, along a number of dimensions. In particular, the IC model has the following characteristics: (1) it is inherently decentralized, and thus scalable even for a wide range of stateful policies; (2) it is very general, and not biased toward any particular type of policies; thus providing a significant realization of the age-old principle of separation of policy from mechanism; and (3) it enables flexible, composition-free, interoperability between different policies.

The IC model, which is an abstraction of a mechanism called law-governed interaction (LGI), has been designed as a minimalist reference model that can be reified into a whole family of potential control mechanisms that may support different types of communication, with different performance requirements and for different application domains.


Access Control Home Agent Access Control Policy Access Control Model Interaction Control 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ao, X., Minsky, N., Ungureanu, V.: Formal treatment of certificate revocation under communal access control. In: Proc. of the 2001 IEEE Symposium on Security and Privacy, Oakland California (May 2001)Google Scholar
  2. 2.
    Ao, X., Minsky, N.H.: Flexible Regulation of Distributed Coalitions. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 39–60. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  3. 3.
    Ao, X., Minsky, N.H.: On the role of roles: from role-based to role-sensitive access control. In: Proc. of the 9th ACM Symposium on Access Control Models and Technologies, Yorktown Hights, NY, USA (June 2004)Google Scholar
  4. 4.
    Ao, X., Minsky, N.H.: Regulated delegation in distributed systems. In: Proc. of the IEEE 7th International Workshop on Policies for Distributed Systems and Networks, London, Ontario, Canada (June 2006)Google Scholar
  5. 5.
    Arbaugh, W., Farber, D., Smith, J.: A secure and reliable bootstrap architecture. In: Proceedings of 1997 IEEE Symposium on Security and Privacy (1997)Google Scholar
  6. 6.
    Bandmann, O., Dam, M., Babak, S.F.: Constrained delegations. In: proceedings of 2002 IEEE Symposium on Security and Privacy (May 2002)Google Scholar
  7. 7.
    Barkley, J., Beznosov, K., Uppal, J.: Supporting relationships in access control using role based access control. In: Proceedings of the Fourth ACM Workshop on Role-Based Access Control, pp. 55–65 (October 1999)Google Scholar
  8. 8.
    Bell, D.E., LaPadula, L.J.: Secure computer systems: Mathematical foundations and model. Technical Report M74-244, Mitre Corp. (August 1975)Google Scholar
  9. 9.
    Bertino, E., Bonatti, P.A., Ferrari, E.: Trbac: A temporal role-based access control model. ACM Tran. on Information and System Security 4(3) (2001)Google Scholar
  10. 10.
    Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A.: The keynote trust-management systems, version 2. ietf rfc 2704 (September 1999)Google Scholar
  11. 11.
    Coetzee, M., Eloff, J.H.P.: Virtual enterprise access control requirements. In: Proceedings of SAICSIT 2003 Conference, pp. 285–294. ACM (2003)Google Scholar
  12. 12.
    Dudheria, R., Trappe, W., Minsky, N.: Coordination and control in mobile ubiquitous computing applications using law governed interaction. In: Proc. of the Fourth International Conference on Mobile Ubiquitous Computing, Systems, Services and Technologies (UBICOMM) Florence, Italy (October 2010)Google Scholar
  13. 13.
    Giuri, L., Iglio, P.: Role templates for content-based access control. In: Proc. of the ACM Workshop on Role-Based Access Control, RBAC 1997 (1997)Google Scholar
  14. 14.
    Godic, S., Moses, T.: Oasis extensible access control. markup language (xacml), version 2. Technical report, Oasis (March 2005)Google Scholar
  15. 15.
    He, Z., Phan, T., Nguyen, T.D.: Enforcing enterprise-wide policies over standard client-server interactions. In: Proc. of the Symp. on Reliable Distributed Systems, SRDS (2005)Google Scholar
  16. 16.
    Jajodia, S., Samarati, P., Sapino, M.L., Subramanian, V.S.: Flexible support for multiple access control policies. ACM Trans. on Database Systems 26(2) (June 2001)Google Scholar
  17. 17.
    Joshi, J.B.D., Bertino, E., Sahfiq, B., Ghafoor, A.: Dependencies and separation of duty constraints in gtrbac. In: Proceedings of the 8th ACM Symposium on Access Control Models and Technologies, SACMAT 2003 (2003)Google Scholar
  18. 18.
    Lampson, B.W.: Protection. In: Proceedings of 5th Princeton Symposium on Information Sciences and Systems, pp. 437–443 (March 1971); Reprinted in ACM Operating Sysytems Revue  8(1), 18–24 (1974)Google Scholar
  19. 19.
    Li, N., Grosof, B.N., Feigenbaum, J.: Delegation logic: A logic-based approach to distributed authorization. ACM Transaction on Information and System Security (TISSEC), 128–171 (February 2003)Google Scholar
  20. 20.
    McDaniel, P., Prakash, A.: Methods and limitations of security policy reconciliation. In: Proc. of the IEEE Symp on Security and Privacy (May 2002)Google Scholar
  21. 21.
    Minsky, N.H.: Regularity-Based Trust in Cyberspace. In: Nixon, P., Terzis, S. (eds.) iTrust 2003. LNCS, vol. 2692, pp. 17–32. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  22. 22.
    Naftaly, H.: Minsky. The imposition of protocols over open distributed systems. IEEE Transactions on Software Engineering (February 1991)Google Scholar
  23. 23.
    Naftaly, H.: Minsky. A decentralized treatment of a highly distributed chinese-wall policy. In: Proc. of the IEEE 5th Int. Workshop on Policies for Distributed Systems and Networks, Yorktown Hights, NY, USA (June 2004)Google Scholar
  24. 24.
    Minsky, N.H.: Law Governed Interaction (LGI): A Distributed Coordination and Control Mechanism (An Introduction, and a Reference Manual) (February 2006)Google Scholar
  25. 25.
    Minsky, N.H., Ungureanu, V.: Law-governed interaction: a coordination and control mechanism for heterogeneous distributed systems. TOSEM, ACM Transactions on Software Engineering and Methodology 9(3), 273–305 (2000)CrossRefGoogle Scholar
  26. 26.
    Moyer, M.J., Abamad, M.: Generalized role-based access control. In: Proc. of the 21st Intern. Conf. on Distributed Computing Systems, pp. 391–398 (2001)Google Scholar
  27. 27.
    Osborn, S., Sandhu, R., Munawer, Q.: Configuring role-based access control to enforce mandatory and discretionary access control policies. ACM Transactions on Information and System Security 3(2), 85–106 (2000)CrossRefGoogle Scholar
  28. 28.
    Ribeiro, C., Ferreira, P.: A policy-oriented language for expressing security specifications. International Journal of Network Security 5(3) (November 2007)Google Scholar
  29. 29.
    Sandhu, R.S., Ferraiolo, D., Kuhn, R.: The nist model for role-based access control: Towards a unified standard. In: Proceedings of ACM Workshop on Role-Based Access Control. ACM (2000)Google Scholar
  30. 30.
    Schneider, F.B. (ed.): Trust in Cyberspace. National Academy Press (1999)Google Scholar
  31. 31.
    Ungureanu, V., Minsky, N.H.: Establishing Business Rules for Inter-Enterprise Electronic Commerce. In: Herlihy, M.P. (ed.) DISC 2000. LNCS, vol. 1914, pp. 179–193. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  32. 32.
    Wulf, W., Cohen, E., Corwin, W., Jones, A., Levin, C., Pierson, C., Pollack, F.: Hydra: The kernel of a multiprocessor operating system. CACM 17, 337–345 (1974)Google Scholar
  33. 33.
    Zhang, W., Serban, C., Minsky, N.H.: Establishing Global Properties of Multi-Agent Systems Via Local Laws. In: Weyns, D., Van Dyke Parunak, H., Michel, F. (eds.) E4MAS 2006. LNCS (LNAI), vol. 4389, pp. 170–183. Springer, Heidelberg (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Naftaly H. Minsky
    • 1
  1. 1.Rutgers UniversityUSA

Personalised recommendations