Enforcing Security Policies via Types
Authors
Abstract
Security is a key issue for distributed systems and applications with code mobility, such as e-commerce and on-line bank transactions. In a scenario with code mobility, traditional solutions based on cryptography cannot deal with all security issues, and additional mechanisms are necessary. In this paper, we present a flexible and expressive type system for security for a calculus of distributed and mobile processes. The type system has been designed to supply real systems security features, like the assignment of different privileges to users over different data/resources. Type soundness is guaranteed by using a combination of static and dynamic checks, thus enforcing specific security policies on the use of resources. The usefulness of our approach is shown by modeling the simplified behaviour of a bank account management system.
Similar resources
Enforcing RBAC Policies over Data Stored on Untrusted Server (Extended Version)
One of the security issues in data outsourcing is the enforcement of the data owner’s access control policies. This includes some challenges. The first challenge is preserving confidentiality of data and policies. One of the existing solutions is encrypting data before outsourcing which brings new challenges; namely, the number of keys required to access authorized resources, efficient policy u...
Enforcing Security in IoT and Home Networks
Modern home and corporate networks are interconnecting many different device types other than personal computers and printers. It is pretty common to have surveillance cameras or thermometers and control them through cloud-based services. Security-wise this practice can create potential threats when connected devices are not kept updated or if they can freely access the network. This paper des...
Enforcing information security policies through cultural boundaries: a multinational company approach
Information security policies can be considered as guidelines and used as a starting point to create a security structure within an organization. Although practitioners continuously emphasize the importance of such policies, information system scholars have not paid the required attention to this context from the cross-cultural perspective. The purpose of this study is to look at the cultural a...
Enforcing Security Policies for Distributed Objects Applications
In this paper we present the design and the implementation of a policy engine for enforcing security policies for distributed applications. Such policies, represented by using the RBAC model, include both how the distributed, shared and replicated objects are used, by means of role certificates, and how these roles are managed by means of administrative roles. The policy engine can enforce not on...
Using Reflection as a Mechanism for Enforcing Security Policies in Mobile Code
Several authors have proposed using code modification as a technique for enforcing security policies such as resource limits, access controls, and network information flows. However, these approaches are typically ad hoc and are implemented without a high level abstract framework for code modification. We propose using reflection as a mechanism for implementing code modifications within an abst...