xESB: An Enterprise Service Bus for Access and Usage Control Policy Enforcement

Authors

  • Gabriela Gheorghe
  • Stephan Neuhaus
  • Bruno Crispo
Abstract

Enforcing complex policies that span organizational domains is an open challenge. Current work on SOA policy enforcement splits security in logical components that can be distributed across domains, but does not offer any concrete solution to integrate this security functionality so that it works across security services for organization-wide policies. In this paper, we propose xESB, an enhanced version of an Enterprise Message Bus (ESB), where we monitor and enforce preventive and reactive policies, both for access control and usage control policies, and both inside one domain and between domains. In addition, we introduce indicators that help SOA administrators assess the effectiveness of their policies. Our performance measurements show that policy enforcement at the ESB level comes with only moderate penalties.


Similar resources

Enforcing UCON Policies on the Enterprise Service Bus

In enterprise applications, regulatory and business policies are shifting their semantic from access to usage control requirements. The aim of such policies is to constrain the usage of groups of resources based on complex conditions that require not only state-keeping but also automatic reaction to state changes. We argue that these policies instantiate usage control requirements that can be e...


Enforcing RBAC Policies over Data Stored on Untrusted Server (Extended Version)

One of the security issues in data outsourcing is the enforcement of the data owner’s access control policies. This includes some challenges. The first challenge is preserving confidentiality of data and policies. One of the existing solutions is encrypting data before outsourcing which brings new challenges; namely, the number of keys required to access authorized resources, efficient policy u...


Toward Comprehensive Security Policy Governance in Collaborative Enterprise

The lack of trust among software services spanning multiple organisations and the rather poor adaptability level of the current security policies are often seen as braking forces to collaborative-enterprise development. Removing this impediment involves re-thinking the security policy according to “due usage” requirements and setting security enforcement and regulations according to both the du...


Idea: Efficient Evaluation of Access Control Constraints

Business requirements for modern enterprise systems usually comprise a variety of dynamic constraints, i. e., constraints that require a complex set of context information only available at runtime. Thus, the efficient evaluation of dynamic constraints, e. g., expressing separation of duties requirements, becomes an important factor for the overall performance of the access control enforcement....


Idea: Efficient Evaluation of Access Control Constraint

Business requirements for modern enterprise systems usually comprise a variety of dynamic constraints, i. e., constraints that require a complex set of context information only available at runtime. Thus, the efficient evaluation of dynamic constraints, e. g., expressing separation of duties requirements, becomes an important factor for the overall performance of the access control enforcement....



Publication date: 2010