Manage Component-Specific Access Control with Differentiation and Composition

Author

  • Zhiqing Liu
Abstract

Commodity software components are intrinsically untrustworthy. It is highly insecure to use them directly in mission-critical systems. Part of the insecurity can be attributed to the commonly used but flawed mechanisms for discretionary access control, which are coarse-grained and based on the user's privileges. Many alternative mechanisms have been investigated to provide mandatory access control that is fine-grained and specific to individual software components. A predominant approach to this end is to classify processes into domains and roles, and to configure access control accordingly. However, this approach has limited application in practice because its manual procedure for access control configuration is inconvenient. This position paper introduces a new approach to address the limitation. Our approach differentiates static from dynamic access control policies so that only a small number of access control policies need to be configured statically, while a large number can be configured dynamically through automatic composition. The differentiation and composition together allow flexible and convenient management of access control, even when it is mandatory and configured at a very fine granularity. This paper presents the background and details of our approach, specifically the differentiation of static from dynamic access control policies, the configuration of static access control policies, and the composition of dynamic access control policies.


Similar resources

Model Driven Security: Unification of Authorization Models for Fine-Grain Access Control

The research vision of the Unified Component Meta Model Framework (UniFrame) is to develop an infrastructure for components that enables a plug and play component environment where the security contracts are a part of the component description and the security aware middleware is generated by the component integration toolkits. That is, the components providers will define security contracts in...


A model for specification, composition and verification of access control policies and its application to web services

Despite significant advances in the access control domain, requirements of new computational environments like web services still raise new challenges. Lack of appropriate method for specification of access control policies (ACPs), composition, verification and analysis of them have all made the access control in the composition of web services a complicated problem. In this paper, a new indepe...


The effect of Self-differentiation Training Based on Bowen Theory on Women's Self-differentiation and Marital Satisfaction

Background & aim: Individuals with differentiation of self will have healthy relationships with others, manage their emotions, take care of their own identity, and they suppose, feel, and act for themselves. Therefore, the present study aimed to examine the efficacy of self-differentiation training based on the Bowen’s theory on women’s self-differentiation and marital...


Diagnostic Value of Measurement Specific Gravity by Refractometric and Dipstick Method in Differentiation between Transudate and Exudate in Pleural and Peritoneal Fluid

Background: Accumulation of pleural and peritoneal fluid is seen in some diseases. In order to diagnose the disease and start the treatment, one of the most important actions will be to differentiate between exudates and transudates. The objective of this study was to determine the diagnostic value of measuring the specific gravity of the fluid through...


Composing Software Defined Networks

Managing a network requires support for multiple concurrent tasks, from routing and traffic monitoring, to access control and server load balancing. Software-Defined Networking (SDN) allows applications to realize these tasks directly, by installing packet-processing rules on switches. However, today’s SDN platforms provide limited support for creating modular applications. This paper introduce...




Publication date: 2001