Manage Component-Specific Access Control with Differentiation and Composition

Commodity software components are intrinsically untrustworthy. It is highly insecure to use them directly in mission critical systems. Part of the insecurity can be attributed to the common-used but flawed mechanisms for discretionary access control, which is coarsegrained and based on user’s privileges. Many alternative mechanisms have been investigated to provide mandatory access control that is fine-grained and specific to individual software components. A predominate approach to this end is to classify processes into domains and roles, and to configure access control accordingly. However, this approach has limited applications in practice due to inconvenience in its manual procedure for access control configuration. This position paper introduces a new approach to address the limitation. Our approach differentiates static from dynamic access control policies such that only a small amount of access control policies needs to be configured statically, and that a large amount of access control policies can be configured dynamically through automatic composition. The differentiation and composition together allow flexible and convenient management of access control, even when it is mandatory and is configured with a highly fine granularity. This paper presents background and details of our approach, specifically differentiation of static from dynamic access control policies, configuration of static access control policies, and composition of dynamic access control policies.