Enforcing Distributed Information Flow Policies Architecturally: The SAID Approach
نویسنده
چکیده
Architectural security of a distributed system is best considered at design time rather than further down the software life cycle where it may become very expensive to make even minor modifications to the software architecture. In this paper we take Architectural Interaction Diagrams (AID) [9, 8], an architecture description framework with an unique ability to encode communication efficiently and augment actions of AID components with security levels to produce SAID. This new architecture description language enables the designer to impose information flow restriction policies on system communications at design time which in turn allows a reduction of the information flow analysis problem for distributed systems to the simpler problem of information flow analysis of individual components of the distributed system.
منابع مشابه
Enforcing RBAC Policies over Data Stored on Untrusted Server (Extended Version)
One of the security issues in data outsourcing is the enforcement of the data owner’s access control policies. This includes some challenges. The first challenge is preserving confidentiality of data and policies. One of the existing solutions is encrypting data before outsourcing which brings new challenges; namely, the number of keys required to access authorized resources, efficient policy u...
متن کاملRBPIM: Enforcing RBAC policies in distributed heterogeneous systems
This paper presents a PCIM-based framework for storing and enforcing RBAC (Role Based Access Control) policies in distributed heterogeneous systems. PCIM (Policy Core Information Model) is an information model proposed by IETF. PCIM permits to represent network policies in a standard form, allowing software from different vendors to read the same set of policy rules. This paper describes a PCIM...
متن کاملSpecifying and enforcing a multi-policy paradigm for high assurance multi-enclave systems
One fundamental key to successful implementation of secure high assurance computer systems is the design and implementation of security policies. For systems enforcing multiple concurrent policies, the design and implementation is a challenging and difficult task. To simplify this task, we present an Inter-Enclave Multi-Policy (IEMP) paradigm for information access of the Multiple Independent L...
متن کاملEnforcing Declarative Policieswith Targeted Program Synthesis
We present a technique for static enforcement of declarative information flow policies. Given a program that manipulates sensitive data and a set of declarative policies on the data, our technique automatically inserts policy-enforcing code throughout the program to make it provably secure with respect to the policies. We achieve this through a new approach we call targeted program synthesis, w...
متن کاملEnforcing History-Based Security Policies in Mobile Agent Systems
The mobile agent paradigm used in modern distributed systems has revealed some new forms of common security threats, such as abusive resource consumption or illegitimate information flow between different and noncooperative entities. This problem is aggravated when an agent’s host doesn’t know anything about the agent’s past activities, visited hosts and interactions with other agents. Thus, ro...
متن کامل