INTRODUCTION
Cloud computing is a new computing paradigm that is built on virtualization, parallel and distributed computing, utility computing, and service-oriented architecture. We propose a hierarchical attribute-set-based encryption (HASBE) scheme for access control in cloud computing. HASBE extends the ciphertext-policy attribute-set-based encryption (CP-ASBE, or ASBE for short) scheme with a hierarchical structure of system users, so as to achieve scalable, flexible and fine-grained access control.
LITERATURE SURVEY
High-Performance Cloud Computing: A View of Scientific Applications Author: Christian Vecchiola, Suraj Pandey and Rajkumar Buyya Year: 2009
Scientific computing often requires the availability of a massive number of computers for performing large scale experiments. Traditionally, these needs have been addressed by using high-performance computing solutions and installed facilities such as clusters and super computers, which are difficult to set up, maintain, and operate. Cloud computing provides scientists with a completely new model of utilizing the computing infrastructure. Compute resources, storage resources, as well as applications, can be dynamically provisioned (and integrated within the existing infrastructure) on a pay per use basis. These resources can be released when they are no longer needed. Such services are often offered within the context of a Service Level Agreement (SLA), which ensures the desired Quality of Service (QoS). Aneka, an enterprise Cloud computing solution, harnesses the power of compute resources by relying on private and public Clouds and delivers to users the desired QoS. Its flexible and service based infrastructure supports multiple programming paradigms that make Aneka address a variety of different scenarios: from finance applications to computational science. As examples of scientific computing in the Cloud, we present a preliminary case study on using Aneka for the classification of gene expression data and the execution of fMRI brain imaging workflow.
of the security context. For this reason, the policy requirements of secure groups are more complex than found in traditional peer communication; group policies convey information about associations greater and more abstract than their pair-wise counterparts. This paper identifies and illustrates universal requirements of secure group policy and reasons about the adherence of the Group Security Association Key Management Protocol (GSAKMP) to these principles.
Methods and Limitations of Security Policy Reconciliation Author: P. D. McDaniel and A. Prakash Year: 2002
A security policy is a means by which participant session requirements are specified. However, existing frameworks provide limited facilities for the automated reconciliation of participant policies. This paper considers the limits and methods of reconciliation in a general-purpose policy model. We identify an algorithm for efficient two-policy reconciliation, and show that, in the worst-case, reconciliation of three or more policies is intractable. Further, we suggest efficient heuristics for the detection and resolution of intractable reconciliation. Based upon the policy model, we describe the design and implementation of the Ismene policy language. The expressiveness of Ismene, and indirectly of our model, is demonstrated through the representation and exposition of policies supported by existing policy languages. We conclude with brief notes on the integration and enforcement of Ismene policy within the Antigone communication system.
A Unified Scheme for Resource Protection in Automated Trust Negotiation Author: T. Yu and M. Winslett Year: 2003.
Automated trust negotiation is an approach to establishing trust between strangers through iterative disclosure of digital credentials. In automated trust negotiation, access control policies play a key role in protecting resources from unauthorized access. Unlike in traditional trust management systems, the access control policy for a resource is usually unknown to the party requesting access to the resource, when trust negotiation starts. The negotiating parties can rely on policy disclosures to learn each other's access control requirements. However, a policy itself may also contain sensitive information. Disclosing policies' contents unconditionally may leak valuable business information or jeopardize individuals' privacy. In this paper, we propose UniPro, a unified scheme to model protection of resources, including policies, in trust negotiation. UniPro improves on previous work by modeling policies as first-class resources, protecting them in the same way as other resources, providing fine-grained control over policy disclosure, and clearly distinguishing between policy disclosure and policy satisfaction, which gives users more flexibility in expressing their authorization requirements. We also show that UniPro can be used with practical negotiation strategies without jeopardizing autonomy in the choice of strategy, and present criteria under which negotiations using UniPro are guaranteed to succeed in establishing trust.
Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing Author: S. Yu, C. Wang, K. Ren, and W. Lou Year: 2010
Cloud computing is an emerging computing paradigm in which resources of the computing infrastructure are provided as services over the Internet. As promising as it is, this paradigm also brings forth many new challenges for data security and access control when users outsource sensitive data for sharing on cloud servers, which are not within the same trusted domain as data owners. To keep sensitive user data confidential against untrusted servers, existing solutions usually apply cryptographic methods by disclosing data decryption keys only to authorized users. However, in doing so, these solutions inevitably introduce a heavy computation overhead on the data owner for key distribution and data management when fine-grained data access control is desired, and thus do not scale well. The problem of simultaneously achieving fine-grainedness, scalability, and data confidentiality of access control actually still remains unresolved. This paper addresses this challenging open issue by, on one hand, defining and enforcing access policies based on data attributes, and, on the other hand, allowing the data owner to delegate most of the computation tasks involved in fine-grained data access control to untrusted cloud servers without disclosing the underlying data contents. We achieve this goal by exploiting and uniquely combining techniques of attribute-based encryption (ABE), proxy re-encryption, and lazy re-encryption. Our proposed scheme also has salient properties of user access privilege confidentiality and user secret key accountability. Extensive analysis shows that our proposed scheme is highly efficient and provably secure under existing security models.
Ciphertext-Policy Attribute-Based Encryption Author: John Bethencourt, Amit Sahai and Brent Waters Year: 2007
In several distributed systems a user should only be able to access data if a user possesses a certain set of credentials or attributes. Currently, the only method for enforcing such policies is to employ a trusted server to store the data and mediate access control. However, if any server storing the data is compromised, then the confidentiality of the data will be compromised. In this paper we present a system for realizing complex access control on encrypted data that we call Ciphertext-Policy Attribute-Based Encryption. By using our techniques encrypted data can be kept confidential even if the storage server is untrusted; moreover, our methods are secure against collusion attacks. Previous Attribute-Based Encryption systems used attributes to describe the encrypted data and built policies into users' keys; while in our system attributes are used to describe a user's credentials, and a party encrypting data determines a policy for who can decrypt. Thus, our methods are conceptually closer to traditional access control methods such as Role-Based Access Control (RBAC). In addition, we provide an implementation of our system and give performance measurements.
Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Author: Vipul Goyal, Omkant Pandey, Amit Sahai and Brent Waters Year: 2006
As more sensitive data is shared and stored by third-party sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data is that it can be selectively shared only at a coarse-grained level (i.e., giving another party your private key). We develop a new cryptosystem for fine-grained sharing of encrypted data that we call Key-Policy Attribute-Based Encryption (KP-ABE). In our cryptosystem, ciphertexts are labeled with sets of attributes and private keys are associated with access structures that control which ciphertexts a user is able to decrypt. We demonstrate the applicability of our construction to sharing of audit-log information and broadcast encryption. Our construction supports delegation of private keys which subsumes Hierarchical Identity-Based Encryption (HIBE).
Attribute-Sets: A Practically Motivated Enhancement to Attribute-Based Encryption Author: Rakesh Bobba, Himanshu Khurana and Manoj Prabhakaran Year: 2009
In distributed systems users need to share sensitive objects with others based on the recipient's ability to satisfy a policy. Attribute-Based Encryption (ABE) is a new paradigm where such policies are specified and cryptographically enforced in the encryption algorithm itself. Ciphertext-Policy ABE (CP-ABE) is a form of ABE where policies are associated with encrypted data and attributes are associated with keys. In this work we focus on improving the flexibility of representing user attributes in keys. Specifically, we propose Ciphertext-Policy Attribute-Set-Based Encryption (CP-ASBE) - a new form of CP-ABE - which, unlike existing CP-ABE schemes that represent user attributes as a monolithic set in keys, organizes user attributes into a recursive set based structure and allows users to impose dynamic constraints on how those attributes may be combined to satisfy a policy. We show that the proposed scheme is more versatile and supports many practical scenarios more naturally and efficiently. We provide a prototype implementation of our scheme and evaluate its performance overhead.
Fuzzy Identity-Based Encryption Author: Amit Sahai and Brent Waters Year: 2005
We introduce a new type of Identity-Based Encryption (IBE) scheme that we call Fuzzy Identity-Based Encryption. In Fuzzy IBE we view an identity as a set of descriptive attributes. A Fuzzy IBE scheme allows for a private key for an identity, ω, to decrypt a ciphertext encrypted with an identity, ω′, if and only if the identities ω and ω′ are close to each other as measured by the set overlap distance metric. A Fuzzy IBE scheme can be applied to enable encryption using biometric inputs as identities; the error-tolerance property of a Fuzzy IBE scheme is precisely what allows for the use of biometric identities, which inherently will have some noise each time they are sampled. Additionally, we show that Fuzzy-IBE can be used for a type of application that we term attribute-based encryption. In this paper we present two constructions of Fuzzy IBE schemes. Our constructions can be viewed as an Identity-Based Encryption of a message under several attributes that compose a (fuzzy) identity. Our IBE schemes are both error-tolerant and secure against collusion attacks. Additionally, our basic construction does not use random oracles. We prove the security of our schemes under the Selective-ID security model.
Hierarchical Attribute-Based Encryption for Fine-Grained Access Control in Cloud Storage Services Author: G.Wang, Q. Liu, and J.Wu Year: 2010
Cloud computing, as an emerging computing paradigm, enables users to remotely store their data into a cloud so as to enjoy scalable services on-demand. Especially for small and medium-sized enterprises with limited budgets, they can achieve cost savings and productivity enhancements by using cloud-based services to manage projects, to make collaborations, and the like. However, allowing cloud service providers (CSPs), which are not in the same trusted domains as enterprise users, to take care of confidential data, may raise potential security and privacy issues. To keep the sensitive user data confidential against untrusted CSPs, a natural way is to apply cryptographic approaches, by disclosing decryption keys only to authorized users. However, when enterprise users outsource confidential data for sharing on cloud servers, the adopted encryption system should not only support fine-grained access control, but also provide high performance, full delegation, and scalability, so as to best serve the needs of accessing data anytime and anywhere, delegating within enterprises, and achieving a dynamic set of users. In this paper, we propose a scheme to help enterprises to efficiently share confidential data on cloud servers. We achieve this goal by first combining the hierarchical identity-based encryption (HIBE) system and the ciphertext-policy attribute-based encryption (CP-ABE) system, and then making a performance-expressivity tradeoff, finally applying proxy re-encryption and lazy re-encryption to our scheme.
MODULES NAME
Authentication
Trusted Authority
Domain Authority
Data Owner
Data Consumer
Cloud Service Provider
Database
Trusted Authority:
The Trusted Authority is the main part of this project. It creates a decryption key for each corresponding encryption key and then provides the decryption key to the domain authority. The domain authority, data owner, data consumer and cloud service provider are all controlled by the Trusted Authority.
[Figure: Trusted Authority module. Labels: Data Owner, Trusted Authority, Domain Authority, Cloud Storage, Data Consumer]
Domain Authority:
The Domain Authority is the subhead under the trusted authority and performs the administrator operations. A data owner cannot store data without the domain authority's permission, and a data consumer cannot get data without the domain authority's permission. The domain authority therefore grants permission to both the data owner and the data consumer.
Data Owner:
The Data Owner stores data with the cloud service provider for security. Before storing data, the data owner gets permission from the domain authority. After getting permission, the data owner first encrypts the file or data and then stores it in cloud storage (the cloud service provider).
[Figure: Data Owner module. Labels: Domain Authority, Public Key, Data Owner, Encrypted Data, Cloud Storage]
Data Consumer:
First, the data consumer sends a request to the trusted authority through the domain authority. This request contains the file name and the data owner's name. The trusted authority then sends the private key to the data consumer through the domain authority. Finally, the data consumer retrieves the data from the cloud service provider and decrypts it using the decryption key.
[Figure: Data Consumer module. Labels: Cloud Storage, Data Owner, Data Consumer, Cloud Storage]
Trusted Authority:
Input: Store the data to cloud storage.
Output: Provide the public and private key to the domain authority.
Domain Authority:
Input: Ask permission to store data to cloud storage.
Output: Provide the public key to the data owner.
Data Owner:
Input: Encrypt the data at the data owner.
Output: Store the data to the cloud storage.
Data Consumer:
Input: Send file name and data owner name to the domain authority.
Output: Receive private key and encrypted file, then decrypt the data.
We are now ready to describe the main operations of HASBE: System Setup, Top-Level Domain Authority Grant, New Domain Authority/User Grant, New File Creation, and File Access.
System Setup: The trusted authority calls the algorithm to create system public parameters PK and master key MK0. PK will be made public to other parties and MK0 will be kept secret.
Top-Level Domain Authority Grant: The trusted authority will first verify whether the requesting domain authority, DAi, is valid. If so, the trusted authority calls CreateDA(PK, MK0, A) to generate the master key for DAi. After getting the master key, DAi can authorize the next level domain authorities or users in its domain.
New Domain Authority/User Grant: When a new user, denoted as u, or a new subordinate domain authority, denoted as DAi+1, wants to join the system, the administrating domain authority, denoted as DAi, will first verify whether the new entity is valid. If true, DAi assigns the new entity a key structure Ã corresponding to its role and a unique ID. Note that Ã is a subset of A, where A is the key structure of DAi.
New File Creation: To protect data stored on the cloud, a data owner first encrypts data files and then stores the encrypted data files on the cloud. Each file is encrypted with a symmetric data encryption key DEK, which is in turn encrypted with HASBE. Finally, the encrypted data file is stored on the cloud.
File Access: When a user sends a request for data files stored on the cloud, the cloud sends the corresponding ciphertexts to the user. The user decrypts them by first calling Decrypt(CT, SKu) to obtain DEK and then decrypting the data files using DEK.
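The grant and access steps above, modelled as an added example (not code from this report or from the HASBE authors): plain set comparisons stand in for the pairing-based key generation and decryption, so this shows the authorization logic only. The depth-2 `KeyStructure`, the AND/OR policy tuples, the attribute names and the single-set rule in `can_decrypt` (a simplified form of the ASBE constraint on combining attributes) are assumptions.

```python
"""Model of HASBE key-structure delegation and policy checks.

Not cryptography: set comparisons stand in for the pairing-based key
generation and decryption. All names and sample attributes are constructed.
"""
import secrets
from dataclasses import dataclass, field


@dataclass
class KeyStructure:
    """Depth-2 key structure: outer attributes plus labelled inner sets."""
    outer: frozenset
    inner: dict = field(default_factory=dict)  # label -> frozenset

    def is_subset_of(self, parent):
        # Delegation may only drop attributes, never add or relocate them.
        if not self.outer <= parent.outer:
            return False
        return all(label in parent.inner and attrs <= parent.inner[label]
                   for label, attrs in self.inner.items())

    def sets(self):
        yield self.outer
        yield from self.inner.values()


class Entity:
    """A domain authority or user holding a key structure."""
    def __init__(self, name, structure, issuer):
        self.name, self.structure, self.issuer = name, structure, issuer

    def grant(self, name, requested):
        # New Domain Authority/User Grant: child structure must be a subset.
        if not requested.is_subset_of(self.structure):
            raise PermissionError(f"{self.name} cannot delegate beyond its own key structure")
        return Entity(name, requested, issuer=self.name)


def create_da(name, structure):
    # Top-Level Domain Authority Grant: issued by the trusted authority.
    return Entity(name, structure, issuer="trusted-authority")


def satisfies(policy, attrs):
    """Evaluate an AND/OR policy tree against one flat attribute set."""
    if isinstance(policy, str):
        return policy in attrs
    op, *children = policy
    results = [satisfies(child, attrs) for child in children]
    return all(results) if op == "and" else any(results)


def can_decrypt(policy, structure):
    # Attributes must come from a single set; mixing across sets is refused.
    return any(satisfies(policy, s) for s in structure.sets())


def new_file(policy):
    # New File Creation: a fresh DEK guarded by the policy. A real system
    # stores the HASBE ciphertext of the DEK, never the DEK itself.
    return {"policy": policy, "dek": secrets.token_bytes(32)}


def file_access(record, entity):
    # File Access: the DEK is recovered only if the key structure satisfies.
    return record["dek"] if can_decrypt(record["policy"], entity.structure) else None


def demo():
    fs = frozenset
    da = create_da("DA-university", KeyStructure(
        fs({"org:university"}),
        {"cs": fs({"dept:cs", "role:faculty", "role:student"}),
         "ee": fs({"dept:ee", "role:faculty"})}))
    carol = da.grant("carol", KeyStructure(fs(), {"cs": fs({"dept:cs", "role:faculty"})}))
    bob = da.grant("bob", KeyStructure(fs(), {
        "cs": fs({"dept:cs", "role:student"}),
        "ee": fs({"dept:ee", "role:faculty"})}))
    try:
        da.grant("mallory", KeyStructure(fs(), {"cs": fs({"dept:cs", "role:dean"})}))
        escalation_blocked = False
    except PermissionError:
        escalation_blocked = True

    record = new_file(("and", "dept:cs", "role:faculty"))
    bob_flat = fs().union(*bob.structure.sets())  # what a monolithic set would hold
    return {
        "carol_reads": file_access(record, carol) == record["dek"],
        "bob_reads": file_access(record, bob) is not None,
        "bob_if_flattened": satisfies(record["policy"], bob_flat),
        "escalation_blocked": escalation_blocked,
    }


if __name__ == "__main__":
    print(demo())
```

Bob holds `dept:cs` and `role:faculty` in different sets, so he is refused here even though a monolithic attribute set would have let him through.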
HARDWARE REQUIREMENTS:
System : Pentium IV 2.4 GHz
Hard disk : 40 GB
Mouse : Logitech
RAM : 2 GB (minimum)
Keyboard : 110 keys enhanced
SYSTEM DESIGN
[Use case diagram. Labels: Get Permission, Domain Authority, Encrypt & Store Data, Trusted Authority, Get Decryption Key, Provide Public & Private Key]
In this use case diagram, the trusted authority is the head of the project; it generates the public and private keys. The domain authority is the subhead. The data owner first gets permission from the domain authority, encrypts the data using the encryption key, and stores the data in cloud storage. The data consumer sends the file name and owner name to the domain authority and then gets the decryption key. Finally, the consumer gets the encrypted file from cloud storage and decrypts the data.
CLASS DIAGRAM
A class diagram in the UML is a type of static structure diagram that describes the structure of a system by showing the system's classes, their attributes, and the relationships between the classes.
Private visibility hides information from anything outside the class partition. Public visibility allows all other classes to view the marked information. Protected visibility allows child classes to access information they inherited from a parent class.
In this class diagram, the trusted authority is the head of the project; it generates the public and private keys. The domain authority is the subhead. The data owner first gets permission from the domain authority, encrypts the data using the encryption key, and stores the data in cloud storage. The data consumer sends the file name and owner name to the domain authority and then gets the decryption key. Finally, the consumer gets the encrypted file from cloud storage and decrypts the data.
OBJECT DIAGRAM:
An object diagram in the Unified Modeling Language (UML) is a diagram that shows a complete or partial view of the structure of a modeled system at a specific time. An Object diagram focuses on some particular set of object instances and attributes, and the links between the instances. A correlated set of object diagrams provides insight into how an arbitrary view of a system is expected to evolve over time.
Object diagrams are more concrete than class diagrams, and are often used to provide examples, or act as test cases for the class diagrams. Only those aspects of a model that are of current interest need be shown on an object diagram.
[Object diagram. Domain Authority / Trusted Authority: Public Key=pub.pk, Private Key=pri.pke, Username=domain, Password=******, Key name=abc.pk. Data Consumer: Owner name=hari, File name=abc.txt, Retrieve pri.pke, Decrypt abc.txt]
In this object diagram, the trusted authority is the head of the project; it generates the public and private keys. The domain authority is the subhead. The data owner first gets permission from the domain authority, encrypts the data using the encryption key, and stores the data in cloud storage. The data consumer sends the file name and owner name to the domain authority and then gets the decryption key. Finally, the consumer gets the encrypted file from cloud storage and decrypts the data.
STATE DIAGRAM
A state diagram is a type of diagram used in computer science and related fields to describe the behavior of systems. State diagrams require that the system described is composed of a finite number of states; sometimes, this is indeed the case, while at other times this is a reasonable abstraction. There are many forms of state diagrams, which differ slightly and have different semantics.
[State diagram. Labels: Trusted Authority, Domain Authority, Data Consumer, Data Owner, Cloud storage]
In this state diagram, the trusted authority is the head of the project; it generates the public and private keys. The domain authority is the subhead. The data owner first gets permission from the domain authority, encrypts the data using the encryption key, and stores the data in cloud storage. The data consumer sends the file name and owner name to the domain authority and then gets the decryption key. Finally, the consumer gets the encrypted file from cloud storage and decrypts the data.
ACTIVITY DIAGRAM:
Activity diagrams are loosely defined diagrams that show workflows of stepwise activities and actions, with support for choice, iteration and concurrency. In UML, activity diagrams can be used to describe the business and operational step-by-step workflows of components in a system. UML activity diagrams could potentially model the internal logic of a complex operation. In many ways UML activity diagrams are the object-oriented equivalent of flow charts and data flow diagrams (DFDs) from structural development.
[Activity diagram. Labels: Trusted, Key Generation, Domain, Get Permission, Owner, Consumer, Storage]
In this activity diagram, the trusted authority is the head of the project; it generates the public and private keys. The domain authority is the subhead. The data owner first gets permission from the domain authority, encrypts the data using the encryption key, and stores the data in cloud storage. The data consumer sends the file name and owner name to the domain authority and then gets the decryption key. Finally, the consumer gets the encrypted file from cloud storage and decrypts the data.
SEQUENCE DIAGRAM:
A sequence diagram in UML is a kind of interaction diagram that shows how the processes operate with one another and in what order. It is a construct of a message sequence chart. Sequence diagrams are sometimes called event-trace diagrams, event scenarios, and timing diagrams. The diagram below shows the sequence flow of the process in this project.
[Sequence diagram. Participants: Trusted Authority, Data Owner, Data Consumer, Cloud Storage. Messages: Provide PublicKey (twice), Provide PrivateKey (twice)]
In this sequence diagram, the trusted authority is the head of the project; it generates the public and private keys. The domain authority is the subhead. The data owner first gets permission from the domain authority, encrypts the data using the encryption key, and stores the data in cloud storage. The data consumer sends the file name and owner name to the domain authority and then gets the decryption key. Finally, the consumer gets the encrypted file from cloud storage and decrypts the data.
COLLABORATION DIAGRAM:
A collaboration diagram shows the objects and relationships involved in an interaction, and the sequence of messages exchanged among the objects during the interaction.
The collaboration diagram can be a decomposition of a class, class diagram, or part of a class diagram. It can be the decomposition of a use case, use case diagram, or part of a use case diagram. The collaboration diagram shows messages being sent between classes and objects (instances). A diagram is created for each system operation that relates to the current development cycle (iteration).
[Collaboration diagram. Participants: Trusted Authority, Domain Authority, Data Consumer. Messages: 1: Get Permission; 2: Provide PublicKey; 3: Provide PublicKey; 6: Provide PrivateKey]
In this collaboration diagram, the trusted authority is the head of the project; it generates the public and private keys. The domain authority is the subhead. The data owner first gets permission from the domain authority, encrypts the data using the encryption key, and stores the data in cloud storage. The data consumer sends the file name and owner name to the domain authority and then gets the decryption key. Finally, the consumer gets the encrypted file from cloud storage and decrypts the data.
COMPONENT DIAGRAM:
The component diagram's main purpose is to show the structural relationships between the components of a system. A component represented implementation items, such as files and executables. Unfortunately, this conflicted with the more common use of the term "component," which refers to things such as COM components. Over time and across successive releases of UML, the original UML meaning of components was mostly lost. UML 2 officially changes the essential meaning of the component concept; in UML 2, components are considered autonomous, encapsulated units within a system or subsystem that provide one or more interfaces.
[Component diagram. Labels: Data Owner, Trusted Authority, Domain Authority, Cloud Storage, Data Consumer]
In this component diagram, the trusted authority is the head of the project; it generates the public and private keys. The domain authority is the subhead. The data owner first gets permission from the domain authority, encrypts the data using the encryption key, and stores the data in cloud storage. The data consumer sends the file name and owner name to the domain authority and then gets the decryption key. Finally, the consumer gets the encrypted file from cloud storage and decrypts the data.
LEVEL 0
[Data flow diagram, level 0. Labels: User, Authentication, Login, D0 Database]
LEVEL 1
[Data flow diagram, level 1. Labels: Trusted Authority, User, Public Key, Domain Authority, Administrator, Get Permission, Encrypt Data by public key, Data Owner]
LEVEL 2
[Data flow diagram, level 2. Labels: Trusted Authority, Private Key, Domain Authority, D2 Database]
ALL Levels:
[Data flow diagram, all levels. Labels: User]
In this data flow diagram (DFD), the trusted authority is the head of the project; it generates the public and private keys. The domain authority is the subhead. The data owner first gets permission from the domain authority, encrypts the data using the encryption key, and stores the data in cloud storage. The data consumer sends the file name and owner name to the domain authority and then gets the decryption key. Finally, the consumer gets the encrypted file from cloud storage and decrypts the data.
E-R DIAGRAM:
In software engineering, an entity-relationship model (ERM) is an abstract and conceptual representation of data. Entity-relationship modeling is a database modeling method, used to produce a type of conceptual schema or semantic data model of a system, often a relational database, and its requirements in a top-down fashion. Diagrams created by this process are called entity-relationship diagrams, ER diagrams, or ERDs.
[E-R diagram. Labels: Trusted Authority, Domain Authority, Cloud storage, File name, Public & Private Key, owner name, Store Data, Data consumer]
In this entity relationship (ER) diagram, the trusted authority is the head of the project; it generates the public and private keys. The domain authority is the subhead. The data owner first gets permission from the domain authority, encrypts the data using the encryption key, and stores the data in cloud storage. The data consumer sends the file name and owner name to the domain authority and then gets the decryption key. Finally, the consumer gets the encrypted file from cloud storage and decrypts the data.
SYSTEM ARCHITECTURE
The cloud computing system under consideration consists of five types of parties: a cloud service provider, data owners, data consumers, a number of domain authorities, and a trusted authority. The cloud service provider manages a cloud to provide data storage service. Data owners encrypt their data files and store them in the cloud for sharing with data consumers. To access the shared data files, data consumers download encrypted data files of their interest from the cloud and then decrypt them. Each data owner/consumer is administrated by a domain authority. A domain authority is managed by its parent domain authority or the trusted authority. Data owners, data consumers, domain authorities, and the trusted authority are organized in a hierarchical manner. The trusted authority is the root authority and responsible for managing top-level domain authorities.
[System architecture diagram. Labels: Data Owner, Get Permission, Encrypted Data, Domain Authority, Administrator, Cloud Storage, Stored Data, Public & Private Key, Data Consumer, File & Owner name, Database, Retrieve & Decrypt Data]
ADVANTAGES:
Recall that our system model consists of a trusted authority, domain authorities, and numerous users corresponding to data owners and data consumers. Each user in the system is assigned a key structure which specifies the attributes associated with the user's decryption key. We conducted a comprehensive performance analysis and evaluation, which showed its efficiency.
APPLICATION: Website
In Gmail, when the user provides the correct username and password, the next page is shown. This provides security for the data: only an authorized person is allowed to access the data. The authorized person receives data from others and sends data to others. On the Amazon website, an authorized person is allowed to view data, store some data, and retrieve data from the website. An unauthorized person is not allowed to access, view, or store the data.
CONCLUSION:
We achieve this goal by exploiting and individually combining techniques of attribute-based encryption (ABE), proxy re-encryption, and lazy re-encryption. Our proposed scheme also has the most important properties of user access privilege confidentiality and user secret key accountability. Extensive analysis shows that our proposed scheme is highly efficient and provably secure under existing security models.
BIBLIOGRAPHY:
1. R. Buyya, C. Shin Yeo, J. Broberg, and I. Brandic, Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility, Future Generation Comput. Syst., vol. 25, pp. 599-616, 2009.
2. S. Yu, C. Wang, K. Ren, and W. Lou, Achieving secure, scalable, and fine-grained data access control in cloud computing, in Proc. IEEE INFOCOM 2010, 2010, pp. 534-542.
3. R. Bobba, H. Khurana, and M. Prabhakaran, Attribute-sets: A practically motivated enhancement to attribute-based encryption, in Proc. ESORICS, Saint Malo, France, 2009.
4. J. Bethencourt, A. Sahai, and B. Waters, Ciphertext-policy attribute-based encryption, in Proc. IEEE Symp. Security and Privacy, Oakland, CA, 2007.
5. A. Sahai and B. Waters, Fuzzy identity based encryption, in Proc. Advances in Cryptology Eurocrypt, 2005, vol. 3494, LNCS, pp. 457-473.
6. G. Wang, Q. Liu, and J. Wu, Hierarchical attribute-based encryption for fine-grained access control in cloud storage services, in Proc. ACM Conf. Computer and Communications Security (ACM CCS), Chicago, IL, 2010.
7. V. Goyal, O. Pandey, A. Sahai, and B. Waters, Attribute-based encryption for fine-grained access control of encrypted data, in Proc. ACM Conf. Computer and Communications Security (ACM CCS), Alexandria, VA, 2006.
8. H. Harney, A. Colgrove, and P. D. McDaniel, Principles of policy in secure groups, in Proc. NDSS, San Diego, CA, 2001.
9. P. D. McDaniel and A. Prakash, Methods and limitations of security policy reconciliation, in Proc. IEEE Symp. Security and Privacy, Berkeley, CA, 2002.
10. T. Yu and M. Winslett, A unified scheme for resource protection in automated trust negotiation, in Proc. IEEE Symp. Security and Privacy, Berkeley, CA, 2003.