Modular Construction of DTE Policies

Authors

  • Serge E. Hallyn
  • Phil Kearns
Abstract

This paper describes a tool which composes a policy for a fine-grained mandatory access control system (DTE) from a set of mostly independent policy modules. For a large system with many services, a DTE policy becomes unwieldy. However, many system services and security extensions can be considered to be largely standalone. By providing for explicit grouping, namespaces, and globbing by namespaces, inter-module access rules can be made generic enough to permit modules to be mixed and matched as needed. As a result, it becomes easier to extend a policy, debug a policy, and to distribute meaningful policy modules with new software.


Similar resources

Domain and Type Enforcement Firewalls

Internet-connected organizations often employ an Internet firewall to mitigate risks of system penetration, data theft, data destruction, and other security breaches. Conventional Internet firewalls, however, impose an overly simple inside-vs-outside model of security that is incompatible with many business practices that require extending limited trust to external entities, for example, suppli...


Development of a weighted leanness measurement method in modular construction companies

This paper outlines the development of an improved approach to the use of lean tools and techniques to improve the performance of manufacturing enterprises. Several research studies attempt to measure the overall leanness score of the manufacturing process; however, they failed to consider the interdependent relationships between lean performance metrics and considered all performance measures ...


SDEAP: a splice graph based differential transcript expression analysis tool for population data

MOTIVATION Differential transcript expression (DTE) analysis without predefined conditions is critical to biological studies. For example, it can be used to discover biomarkers to classify cancer samples into previously unknown subtypes such that better diagnosis and therapy methods can be developed for the subtypes. Although several DTE tools for population data, i.e. data without known biolog...


Confining Root Programs with Domain and Type Enforcement

0. Abstract The pervasive use of the root privilege is a central problem for UNIX security because an attacker who subverts a single root program gains complete control over a computing system. Domain and type enforcement (DTE) is a strong, configurable operating system access control technology that can minimize the damage root programs can cause if subverted. DTE does this by preventing group...


DTEvisual: A Visualization System for Teaching Access Control using Domain Type Enforcement

This paper describes DTEvisual, a visualization system that leverages Domain Type Enforcement (DTE) for access control education. Domain Type Enforcement (DTE) is a powerful abstraction for teaching students about policy complexity and application of the principle of least privilege, mandatory access control and modern models of access control. DTEvisual facilitates graphical depiction, constru...


Publication date: 2004