Uni ed Support for Heterogeneous Security Policies in Distributed Systems

Modern distributed systems tend to be conglomerates of heterogeneous subsystems, which have been designed separately, by di erent people, with little, if any, knowledge of each other | and which may be governed by di erent security policies. A single software agent operating within such a system may nd itself interacting with, or even belonging to, several subsystems, and thus be subject to several disparate policies. If every such policy is expressed by means of a di erent formalism and enforced with a di erent mechanism, the situation can get easily out of hand. To deal with this problem we propose in this paper a security mechanism that can support e ciently, and in a uni ed manner, a wide range of security models and policies, including: conventional discretionary models that use capabilities or access-control lists, mandatory lattice-based access control models, and the more sophisticated models and policies required for commercial applications. Moreover, under the proposed mechanism, a single agent may be involved in several di erent modes of interactions that are subject to disparate security policies.