Active Capability: an Application Specific Security and Protection Model
Authors
Abstract
Traditional security models are mostly centralized, coarse-grained and static. They are not suitable for large distributed and anonymous environments like the Internet. With the increasing importance of the Internet and high-speed networking, it is essential to provide a security model that can incorporate application-specific security policies dynamically and efficiently. In this paper we propose a new script-based security and protection model which supports application-specific security policies. Essentially, it extends traditional capabilities with user-definable scripts, called Active Capabilities. This model synthesizes recent innovations in type-safe scripting languages, extensible operating systems, and software protection. We demonstrate that active capabilities can support security features that are difficult to provide in traditional capability-based systems, such as revocation, propagation confinement (cascading), access constraint (restriction) and auditing. We show that by shifting the complexity from the system level to the user level, the simple security core can be implemented efficiently. In addition, applications pay only the overhead incurred by the security functions they require.
Similar resources
Active Capability: a Unified Security Model for Supporting Mobile, Dynamic and Application Specific Delegation White Paper
An Architecture for Security and Protection of Big Data
The issue of online privacy and security is a challenging subject, as it concerns the privacy of data that are increasingly more accessible via the internet. In other words, people who intend to access the private information of other users can do so more efficiently over the internet. This study is an attempt to address the privacy issue of distributed big data in the context of cloud computin...
State Caching in the Eros Kernel Implementing Efficient Orthogonal Persistence in a Pure Capability System
EROS, the Extremely Reliable Operating System, addresses the issues of reliability and security by combining three ideas from earlier systems: capabilities and a persistent single-level store. Capabilities unify object naming with access control. Persistence extends this naming and access control uniformly across the memory hierarchy; main memory is viewed simply as a cache of the single-level ...
Authorization models for secure information sharing: a survey and research agenda
This article presents a survey of authorization models and considers their 'fitness-for-purpose' in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency response, national security, infrastructure protection, supply chain integration and emerg...
Matching Security Policies to Application
The issue of developing complex secure systems is still a great challenge. We claim that in contrast to the well known bottom-up oriented approaches secure concurrent systems should be developed top-down starting with a formal top-level specification. A framework for developing secure systems is needed, which offers means to specify security requirements adapted to the specific demands of applicat...