Application-Defined Decentralized Access Control
Authors
Abstract
DCAC is a practical OS-level access control system that supports application-defined principals. It allows normal users to perform administrative operations within their privilege, enabling isolation and privilege separation for applications. It does not require centralized policy specification or management, giving applications freedom to manage their principals while the policies are still enforced by the OS. DCAC uses hierarchically-named attributes as a generic framework for user-defined policies such as groups defined by normal users. For both local and networked file systems, its execution time overhead is between 0%-9% on file system microbenchmarks, and under 1% on applications. This paper shows the design and implementation of DCAC, as well as several real-world use cases, including sandboxing applications, enforcing server applications' security policies, supporting NFS, and authenticating user-defined sub-principals in SSH, all with minimal code changes.
Similar resources
A Demonstration of the Solid Platform for Social Web Applications
Solid is a decentralized platform for social Web applications. In the Solid platform, users’ data is managed independently of the applications that create and consume this data. Each user stores their data in a Web-accessible personal online datastore (or pod). Each user can have one or more pods from different pod providers, and can easily switch between providers. Applications access data in ...
NuCypher KMS: Decentralized key management system
NuCypher KMS is a decentralized Key Management System (KMS) that addresses the limitations of using consensus networks to securely store and manipulate private, encrypted data [1]. It provides encryption and cryptographic access control, performed by a decentralized network, leveraging proxy re-encryption [2]. Unlike centralized KMS as a service solutions, it doesn’t require trusting a service ...
Decentralized Detection in IEEE 802.15.4 Wireless Sensor Networks
We present a mathematical model to study decentralized detection in clustered wireless sensor networks (WSNs). Sensors and fusion centers (FCs) are distributed with the aim of detecting an event of interest. Sensors are organized in clusters, with FCs acting as cluster heads, and are supposed to observe the same common binary phenomenon. A query-based application is accounted for; FCs periodica...
Access and Mobility Policy Control at the Network Edge
The fifth generation (5G) system architecture is defined as service-based and the core network functions are described as sets of services accessible through application programming interfaces (API). One of the components of 5G is Multi-access Edge Computing (MEC) which provides the open access to radio network functions through API. Using the mobile edge API third party analytics applications ...
A Paradigm for Dynamic and Decentralized Administration of Access Control in Workflow Applications
The administration of authorizations in modern Web-based computing environments has become a primary concern. Application security is characterized by a significant complexity, due to the large number of variations and combinations of objects and operations to be protected. Thus, there is a need for data, processes and context parameters, like time and location, to be combined into a security mo...
Journal title:
- Proceedings of the USENIX ... annual Technical Conference. USENIX Technical Conference
Volume 2014, Issue
Pages -
Publication date 2014