• Corpus ID: 7415706

Ismene: Provisioning and Policy Reconciliation in Secure Group Communication

  title={Ismene: Provisioning and Policy Reconciliation in Secure Group Communication},
  author={Patrick Mcdaniel and Atul Prakash},
Abstract : Group communication systems increasingly provide security services. However, in practice, the use of such systems is complicated by the divergent requirements and abilities of group members. In this paper, we define a policy language called Ismene that directs the provisioning of security-related resources at member sites. The communication service is defined through a reconciliation of a group policy and member's local policies into a security configuration. Group authorization and… 

Figures from this paper

Flexibly constructing secure groups in Antigone 2.0

The Antigone 2.0 framework is presented, which allows the flexible specification and enforcement of group security policies, and the use of the API is illustrated through two applications built on Antig one: a reliable multicast system and host-level multicast security service.

Multidimensional security policy management for dynamic coalitions

The architecture of MSME is presented, a system that provides mechanisms to express security requirements for large groups abstractly, to exchange and reconcile these communication requirements among members of a group, and to automatically bind these abstract requirements to mechanisms that can enforce them at different levels of the TCP/IP stack.

Distributed Privacy-Preserving Policy Reconciliation

This paper introduces new protocols that meet the privacy requirements of the organizations and allow parties to find a common policy rule which maximizes their individual preferences.

Security policy consistency and distributed evaluation in heterogeneous environments

This dissertation addresses the problem of security policy consistency in decentralized heterogeneous systems by using both static and dynamic techniques to consistently enforce security policies that span multiple access control nodes.

New Advances on Privacy-Preserving Policy Reconciliation

This paper addresses the problem of preserving privacy during policy reconciliation by introducing new protocols that meet the privacy requirements of the organizations and allow parties to find a common policy rule which optimizes their individual preferences.

A middleware service for secure group communication in mobile ad hoc networks

  • S. YauXinyu Zhang
  • Computer Science
    Proceedings 27th Annual International Computer Software and Applications Conference. COMPAC 2003
  • 2003
An automated secure group management approach is presented and a middleware service is developed to facilitate development and execution of distributed applications using secure group communication in mobile ad hoc networks.

Performance Evaluation of Privacy-Preserving Policy Reconciliation Protocols

A performance evaluation of new protocols which take into account the privacy concerns of reconciliating parties with a focus on quantifying the added cost due to the privacy guarantees is presented.

The Meta-Protocol framework

A Unified Architecture for the Implementation of Security Protocols

The design, based on the concepts of Component Based Software Engineering (CBSE), provides fast and flexible implementation and deployment of security protocols.


An XML-based language for protocol specification along with a process, based in XSLT stylesheets, for automatic code generation, which was validated on three different protocols: Needham-Schroeder's authentication protocol, TCP's three-way handshake, and SSL’s handshake.



Antigone: A Flexible Framework for Secure Group Communication

The Antigone framework is presented, a framework that provides a suite of mechanisms from which flexible application security policies may be implemented, and how different security policies can be implemented using those mechanisms is shown.

Policy-based security management for large dynamic groups: an overview of the DCCM project

A scalable key management system based on One-way Function Trees (OFT) that can handle group sizes up to 100000 members and can dynamically handle members entering and leaving groups.

Domain based Internet security policy management

  • J. ZaoL. Sanchez S. Kent
  • Computer Science
    Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00
  • 2000
This paper presents a scaleable, robust, secure distributed system that can manage communication security policies associated with multiple network domains and resolving the policies-esp.

Certificate-based Access Control for Widely Distributed Resources

The model, architecture and implementation of the access control mechanism, which uses digitally-signed certificates to define and enforce an access policy for a set of distributed resources that have multiple, independent and geographically dispersed stakeholders, are described.

Representation and evaluation of security policies for distributed system services

  • T. RyutovC. Neuman
  • Computer Science
    Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00
  • 2000
We present a new model for authorization that integrates both local and distributed access control policies and that is extensible across applications and administrative domains. We introduce a

A Security Architecture for the Internet Protocol

The design, rationale, and implementation of a security architecture for protecting the secrecy and integrity of Internet traffic at the Internet Protocol (IP) layer, which includes a modular key management protocol, called MKMP, is presented.

Decentralized trust management

This paper presents a comprehensive approach to trust management, based on a simple language for specifying trusted actions and trust relationships, and describes a prototype implementation of a new trust management system, called PolicyMaker, that will facilitate the development of security features in a wide range of network services.

Implementing a distributed firewall

This paper presents the design and implementation of a distributed rewall using the KeyNote trust management system to specify, distribute, and resolve policy, and OpenBSD, an open source UNIX operating system.

Policy-based cryptographic key management: experience with the KRP project

  • D. BranstadD. Balenson
  • Computer Science
    Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00
  • 2000
The Policy-Controlled Cryptographic Key Release project addressed one part of key management by developing a formal language for specifying policies indicating to whom and under what conditions a cryptographic key could be accessed.

Secure group communications using key graphs

It is shown that the group key management service, using any of the three rekeying strategies, is scalable to large groups with frequent joins and leaves, and the average measured processing time per join/leave increases linearly with the logarithm of group size.