Abstract
Distributed systems usually contain objects with heterogeneous security requirements that pose important challenges for the underlying security mechanisms, and especially for access control systems. Access control in distributed systems often relies on centralized security administration. Existing solutions for distributed access control do not provide the flexibility and manageability required. This paper presents the XML-based Secure Content Distribution (XSCD) infrastructure, which is based on the production of self-protected software objects that convey contents (software or data) and can be distributed without further security measures because they embed the access control enforcement mechanism. It also provides means for integrating Privilege Management Infrastructures (PMIs). Semantic information is used in the dynamic instantiation and semantic validation of policies. XSCD is scalable, facilitates the administration of the access control system, guarantees the secure distribution of the contents, enables semantic integration and interoperability of heterogeneous sources, solves the “originator retained control” issue and allows activities (such as payment) to be bound to the access to objects.
Work partially supported by Spanish Ministerio de Ciencia y Tecnología under project TIC2002-04500-C02-02.
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
López, J., Maña, A., Pimentel, E., Troya, J.M., Yagüe, M.I. (2002). Access Control Infrastructure for Digital Objects. In: Deng, R., Bao, F., Zhou, J., Qing, S. (eds) Information and Communications Security. ICICS 2002. Lecture Notes in Computer Science, vol 2513. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36159-6_34
DOI: https://doi.org/10.1007/3-540-36159-6_34
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00164-5
Online ISBN: 978-3-540-36159-6
eBook Packages: Springer Book Archive