Author

Victoria Ungureanu

Bio: Victoria Ungureanu is an academic researcher from Rutgers University. The author has contributed to research in topics: Access control & Server. The author has an h-index of 13, co-authored 25 publications receiving 810 citations.

Papers
Journal Article
TL;DR: It is shown that LGI is at least as general as a conventional centralized coordination mechanism (CCM), and that it is more scalable, and generally more efficient, than CCM.
Abstract: Software technology is undergoing a transition from monolithic systems, constructed according to a single overall design, into conglomerates of semiautonomous, heterogeneous, and independently designed subsystems, constructed and managed by different organizations, with little, if any, knowledge of each other. Among the problems inherent in such conglomerates, none is more serious than the difficulty to control the activities of the disparate agents operating in it, and the difficulty for such agents to coordinate their activities with each other. We argue that the nature of coordination and control required for such systems calls for the following principles to be satisfied: (1) coordination policies need to be enforced; (2) the enforcement needs to be decentralized; (3) coordination policies need to be formulated explicitly—rather than being implicit in the code of the agents involved—and they should be enforced by means of a generic, broad spectrum mechanism; and (4) it should be possible to deploy and enforce a policy incrementally, without exacting any cost from agents and activities not subject to it. We describe a mechanism called law-governed interaction (LGI), currently implemented by the Moses toolkit, which has been designed to satisfy these principles. We show that LGI is at least as general as a conventional centralized coordination mechanism (CCM), and that it is more scalable, and generally more efficient, than CCM.

357 citations

Proceedings Article
26 Jan 1998
TL;DR: A security mechanism is proposed that can support efficiently, and in a unified manner, a wide range of security models and policies, including: conventional discretionary models that use capabilities or access-control lists, mandatory lattice-based access control models, and the more sophisticated models and policies required for commercial applications.
Abstract: Modern distributed systems tend to be conglomerates of heterogeneous subsystems, which have been designed separately, by different people, with little, if any, knowledge of each other - and which may be governed by different security policies. A single software agent operating within such a system may find itself interacting with, or even belonging to, several subsystems, and thus be subject to several disparate policies. If every such policy is expressed by means of a different formalism and enforced with a different mechanism, the situation can get easily out of hand. To deal with this problem we propose in this paper a security mechanism that can support efficiently, and in a unified manner, a wide range of security models and policies, including: conventional discretionary models that use capabilities or access-control lists, mandatory lattice-based access control models, and the more sophisticated models and policies required for commercial applications. Moreover, under the proposed mechanism, a single agent may be involved in several different modes of interactions that are subject to disparate security policies.

59 citations

Proceedings Article
26 May 1998
TL;DR: A mechanism for establishing policies for electronic commerce in a unified and secure manner that enables a single agent to engage in several different activities, subject to disparate policies is introduced.
Abstract: The paper introduces a mechanism for establishing policies for electronic commerce in a unified and secure manner. A commercial policy can be viewed as the embodiment of a contract between the principals involved in a certain type of commercial activity, and it may be concerned with such issues as: ensuring that a payment for services is refunded under specified circumstances; preventing certificates representing e-cash from being duplicated; ensuring that credit card numbers are used only for the transaction they are intended for; and, for certain socially sensitive transactions like the purchase of drugs, ensuring auditability by proper authorities. Our mechanism is based on a previously published concept of law governed interaction. It makes a strict separation between the formal statement of a policy, which we call a "law," and the enforcement of this law, which is carried out by a set of policy independent trusted controllers. A new policy under this scheme is created basically by formulating its law, and can be easily deployed throughout a distributed system. This mechanism enables a single agent to engage in several different activities, subject to disparate policies. Two example policies are discussed in detail: one ensures refundability of payment under certain circumstances; the other provides for payment by means of non copyable tickets.

53 citations

Book Chapter
01 Sep 1997
TL;DR: A new concept of regulated coordination that allows a single agent to engage in several different activities, subject to disparate policies, is introduced, along with a toolkit called Moses that can support a wide range of useful coordination policies of this kind, in an efficient and unified manner.
Abstract: Modern distributed systems tend to be conglomerates of heterogeneous subsystems, which have been designed separately, by different people, with little, if any, knowledge of each other. A single agent operating within a hybrid system of this kind may have to coordinate its activities with members of several such subsystems, under different coordination policies. To support coordination in such hybrid systems, we introduce in this paper a new concept of regulated coordination that allows a single agent to engage in several different activities, subject to disparate policies. Coordination policies are enforced to ensure compliance with them by all participants. We introduce a toolkit called Moses that can support a wide range of useful coordination policies of this kind, in an efficient and unified manner.

41 citations

Proceedings Article
14 May 2001
TL;DR: This work focuses on the communal treatment of expiration and revocation of the digital certificates used for the authentication of the identity and roles of members of a distributed community of agents involved in some common activity.
Abstract: The conventional approach to distributed access control (AC) tends to be server-centric. Under this approach, each server establishes its own policy regarding the use of its resources and services by its clients. The choice of this policy, and its implementation, are generally considered the prerogative of each individual server. This approach to access control may be appropriate for many current client-server applications, where the server is an autonomous agent, in complete charge of its resources. It is not suitable for the growing class of applications where a group of servers, and sometimes their clients, belong to a single enterprise, and are subject to the enterprise-wide policy governing them all. One may not be able to entrust such an enterprise-wide policy to the individual servers, for two reasons: first, it is hard to ensure that a heterogeneous set of servers implement exactly the same policy. Second, as we demonstrate, an AC policy can have aspects that cannot, in principle, be implemented by servers alone. As argued in a previous paper (Minsky, 2000), what is needed in this situation is a concept of communal policy that governs the interaction between the members of a distributed community of agents involved in some common activity, along with a mechanism that provides for the explicit formulation of such policies, and for their scalable enforcement. We focus on the communal treatment of expiration and revocation of the digital certificates used for the authentication of the identity and roles of members of the community.

36 citations


Cited by
01 Apr 1997
TL;DR: The objective of this paper is to give a comprehensive introduction to applied cryptography with an engineer or computer scientist in mind, with emphasis on the knowledge needed to create practical systems which support integrity, confidentiality, or authenticity.
Abstract: The objective of this paper is to give a comprehensive introduction to applied cryptography with an engineer or computer scientist in mind. The emphasis is on the knowledge needed to create practical systems which support integrity, confidentiality, or authenticity. Topics covered include an introduction to the concepts in cryptography, attacks against cryptographic systems, key use and handling, random bit generation, encryption modes, and message authentication codes. Recommendations on algorithms and further reading are given at the end of the paper. This paper should make the reader able to build, understand and evaluate system descriptions and designs based on the cryptographic components described in the paper.

2,188 citations

Patent
25 Mar 2002
TL;DR: In this paper, the authors propose a system and method for communicating information between a first party and a second party, comprising the steps of receiving, by an intermediary, an identifier of desired information and accounting information for a transaction involving the information from the first party, and negotiating, by the intermediary, a comprehension function for obscuring at least a portion of the information communicated between the first party and the second party.
Abstract: A system and method for communicating information between a first party and a second party, comprising the steps of receiving, by an intermediary, an identifier of desired information and accounting information for a transaction involving the information from the first party, transmitting an identifier of the first party to the second party, and negotiating, by the intermediary, a comprehension function for obscuring at least a portion of the information communicated between the first party and the second party. The data transmission may be made secure with respect to the intermediary by providing an asymmetric key or direct key exchange for encryption of the communication between the first and second party. The data transmission may be made secure with respect to the second party by maintaining the information in encrypted format at the second party, with the decryption key held only by the intermediary, and transmitting a secure composite of the decryption key and a new encryption key to the second party for transcoding of the data record, and providing the new decryption key to the first party, so that the information transmitted to the first party can be comprehended by it.

1,193 citations

Journal Article
TL;DR: A body of work on computational immune systems that behave analogously to the natural immune system and in some cases have been used to solve practical engineering problems such as computer security is described.
Abstract: This review describes a body of work on computational immune systems that behave analogously to the natural immune system. These artificial immune systems (AIS) simulate the behavior of the natural immune system and in some cases have been used to solve practical engineering problems such as computer security. AIS have several strengths that can complement wet lab immunology. It is easier to conduct simulation experiments and to vary experimental conditions, for example, to rule out hypotheses; it is easier to isolate a single mechanism to test hypotheses about how it functions; agent-based models of the immune system can integrate data from several different experiments into a single in silico experimental system.

1,021 citations

Posted Content
TL;DR: In this paper, the authors propose an approach to the representation, maintenance, and enforcement of fine-grained access control policies in distributed communities of resource providers and resource consumers, within which often complex and dynamic policies govern who can use which resources for which purpose.
Abstract: In "Grids" and "collaboratories," we find distributed communities of resource providers and resource consumers, within which often complex and dynamic policies govern who can use which resources for which purpose. We propose a new approach to the representation, maintenance, and enforcement of such policies that provides a scalable mechanism for specifying and enforcing these policies. Our approach allows resource providers to delegate some of the authority for maintaining fine-grained access control policies to communities, while still maintaining ultimate control over their resources. We also describe a prototype implementation of this approach and an application in a data management context.

680 citations

Journal Article
TL;DR: The paper discusses the various precedence relationships that can be established between policies in order to allow inconsistent policies to coexist within the system and presents a conflict analysis tool which forms part of a role based management framework.
Abstract: Modern distributed systems contain a large number of objects and must be capable of evolving, without shutting down the complete system, to cater for changing requirements. There is a need for distributed, automated management agents whose behavior also has to dynamically change to reflect the evolution of the system being managed. Policies are a means of specifying and influencing management behavior within a distributed system, without coding the behavior into the manager agents. Our approach is aimed at specifying implementable policies, although policies may be initially specified at the organizational level and then refined to implementable actions. We are concerned with two types of policies. Authorization policies specify what activities a manager is permitted or forbidden to do to a set of target objects and are similar to security access-control policies. Obligation policies specify what activities a manager must or must not do to a set of target objects and essentially define the duties of a manager. Conflicts can arise in the set of policies. Conflicts may also arise during the refinement process between the high level goals and the implementable policies. The system may have to cater for conflicts such as exceptions to normal authorization policies. The paper reviews policy conflicts, focusing on the problems of conflict detection and resolution. We discuss the various precedence relationships that can be established between policies in order to allow inconsistent policies to coexist within the system and present a conflict analysis tool which forms part of a role based management framework. Software development and medical environments are used as example scenarios.

669 citations