Unified Support for Heterogeneous Security Policies in Distributed Systems

Authors: 

Naftaly H. Minsky and Victoria Ungureanu, Rutgers University

Abstract: 

Modern distributed systems tend to be conglomerates of heterogeneous subsystems, which have been designed separately, by different people, with little, if any, knowledge of each other - and which may be governed by different security policies. A single software agent operating within such a system may find itself interacting with, or even belonging to, several subsystems, and thus be subject to several disparate policies. If every such policy is expressed by means of a different formalism and enforced with a different mechanism, the situation can get easily out of hand.

To deal with this problem we propose in this paper a security mechanism that can support efficiently, and in a unified manner, a wide range of security models and policies, including: conventional discretionary models that use capabilities or access-control lists, mandatory lattice-based access control models, and the more sophisticated models and policies required for commercial applications. Moreover, under the proposed mechanism, a single agent may be involved in several different modes of interactions that are subject to disparate security policies.

BibTeX
@inproceedings {261399,
author = {Naftaly H. Minsky and Victoria Ungureanu},
title = {Unified Support for Heterogeneous Security Policies in Distributed Systems},
booktitle = {7th USENIX Security Symposium (USENIX Security 98)},
year = {1998},
address = {San Antonio, TX},
url = {https://www.usenix.org/conference/7th-usenix-security-symposium/unified-support-heterogeneous-security-policies-distributed},
publisher = {USENIX Association},
month = jan
}