Pol icy B ased Roles for D

Distributed systems are increasingly being used in commercial environments necessitating the development of trustworthy and reliable security mechanisms. There is often no clear informal or formal specification of enterprise authorisation policies and no tools to translate policy specifications to access control implementation mechanisms such as capabilities or Access Control Lists. It is thus difficult to analyse the policy to detect conflicts or flaws and it is difficult to verify that the implementation corresponds to the policy specification. We present in this paper a framework for the specification of management policies. We are concerned with two types of policies: obligations which specify what activities a manager or agent must or must not perform on a set of target objects and authorisations which specify what activities a subject (manager or agent) can or can not perform on the set of target objects. Management policies are then grouped into roles reflecting the organisational structure. It is thus possible to assign or withdraw persons from the roles without changing their specification. Conflicts may arise in a set of policies which need then to be checked and analysed. We outline principles for conflict analysis and classification. Finally we present the implementation of the access control (authorisation) policies using security agents on a per-host basis to achieve a high degree of transparency to the application level.