7th USENIX Security Symposium, San Antonio, Texas
Unified Support for Heterogeneous Security Policies in Distributed Systems
Naftaly H. Minsky and Victoria Ungureanu
Rutgers University
Abstract
Modern distributed systems tend to be conglomerates of heterogeneous subsystems, which have been
designed separately, by different people, with little,
if any, knowledge of each other - and which may
be governed by different security policies. A single
software agent operating within such a system may
find itself interacting with, or even belonging to,
several subsystems, and thus be subject to several
disparate policies. If every such policy is expressed
by means of a different formalism and enforced with
a different mechanism, the situation can easily get
out of hand.
To deal with this problem we propose in this
paper a security mechanism that can support
efficiently, and in a unified manner, a wide range
of security models and policies, including: conventional discretionary models that use capabilities or
access-control lists, mandatory lattice-based access
control models, and the more sophisticated models
and policies required for commercial applications.
Moreover, under the proposed mechanism, a single
agent may be involved in several different modes of
interactions that are subject to disparate security
policies.