Unified Support for Heterogeneous Security Policies in Distributed Systems
نویسندگان
چکیده
Modern distributed systems tend to be conglomerates of heterogeneous subsystems, which have been designed separately, by di erent people, with little, if any, knowledge of each other | and which may be governed by di erent security policies. A single software agent operating within such a system may nd itself interacting with, or even belonging to, several subsystems, and thus be subject to several disparate policies. If every such policy is expressed by means of a di erent formalism and enforced with a di erent mechanism, the situation can get easily out of hand. To deal with this problem we propose in this paper a security mechanism that can support e ciently, and in a uni ed manner, a wide range of security models and policies, including: conventional discretionary models that use capabilities or access-control lists, mandatory lattice-based access control models, and the more sophisticated models and policies required for commercial applications. Moreover, under the proposed mechanism, a single agent may be involved in several di erent modes of interactions that are subject to disparate security policies.
منابع مشابه
Supporting heterogeneous middleware security policies in WebCom
With the growing interest in service-oriented architectures, achieving seamless interoperability between heterogeneous middleware technologies has become increasingly important. While much work investigating functional interoperability between different middleware architectures has been reported, little practical work has been done on providing a unified and/or interoperable view of security be...
متن کاملSPAN: A Unified Framework and Toolkit for Querying Heterogeneous Access Policies
Incorrect policy configurations are a major cause of security failures in large-scale systems. Policy analyzers and testing tools can help with this, but often the tools are specific to one type of policy (e.g., firewalls). In contrast, the most insidious security problems often require understanding the interactions of policies across systems (e.g., firewalls, SSH, file systems, etc.). Current...
متن کاملUni ed Support for Heterogeneous Security Policies in Distributed Systems
Modern distributed systems tend to be conglomerates of heterogeneous subsystems, which have been designed separately, by di erent people, with little, if any, knowledge of each other | and which may be governed by di erent security policies. A single software agent operating within such a system may nd itself interacting with, or even belonging to, several subsystems, and thus be subject to sev...
متن کاملUniied Support for Heterogeneous Security Policies in Distributed Systems
Modern distributed systems tend to be conglomer-ates of heterogeneous subsystems, which have been designed separately, by diierent people, with little, if any, knowledge of each other | and which may be governed by diierent security policies. A single software agent operating within such a system may nd itself interacting with, or even belonging to, several subsystems, and thus be subject to se...
متن کاملIntegrating Security Policy Design into the Software Development Process Technical Report B – 01 – 06
Security is an integral part of most modern software systems, but it is still not considered as an explicit part in the development process. Security mechanisms and policies are generally added to existing systems as an afterthought, with all the problems of unsatisfied security requirements, integration difficulties, and mismatches between design models. We propose to integrate the design of a...
متن کامل