EPICS: A Framework for Enforcing Security Policies in Composite Web Services
نویسندگان
چکیده
منابع مشابه
Running head: Policies for Web Security Services Policies for Web Security Services
This chapter analyzes the various types of policies implemented by the web security services. According to X.800 definition five are the basic web security services categories: authentication, non-repudiation, access control, data integrity and data confidentiality. In this chapter we discuss access control and data privacy services. Access control services may adopt various models according to...
متن کاملSpecifying and Enforcing Application-Level Web Security Policies
Application-level Web security refers to vulnerabilities inherent in the code of a Web-application itself (irrespective of the technologies in which it is implemented or the security of the Web-server/back-end database on which it is built). In the last few months, application-level vulnerabilities have been exploited with serious consequences: Hackers have tricked e-commerce sites into shippin...
متن کاملEnforcing Security Policies via Types
Security is a key issue for distributed systems/applications with code mobility, like, e.g., e-commerce and on-line bank transactions. In a scenario with code mobility, traditional solutions based on cryptography cannot deal with all security issues and additional mechanisms are necessary. In this paper, we present a flexible and expressive type system for security for a calculus of distributed...
متن کاملEnforcing Security Policies for Distributed Objects Applications
In this paper we present the design and the implementation of a policy engine for enforcing security policies for distributed applications. Such policies, represented by using the RBAC model, include both how the distributed, shared and replicated objects are used, by mean of role certificates and how these roles are managed by means of administrative roles. The policy engine can enforce not on...
متن کاملFramework for Enforcing Multiple Access Control Policies
Although several access control policies can be devised for controlling access to information, all existing authorization models, and the corresponding enforcement mechanisms, are based on a speciic policy (usually the closed policy). As a consequence, although diierent policy choices are possible in theory, in practice only a speciic policy can be actually applied within a given system. Howeve...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: IEEE Transactions on Services Computing
سال: 2019
ISSN: 1939-1374,2372-0204
DOI: 10.1109/tsc.2018.2797277