In this paper we analyze the requirements access control mechanisms must fulfill in the context of group communication and define a framework for supporting fine-grained access control in client-server group communication systems. Our framework combines ro
and designing and implementing a parser engine that can translate application specific policies in system-understandable policies.