Fine-grained Access-control for the Puppet Configuration Language
نویسندگان
چکیده
System configuration tools automate the configuration and management of IT infrastructures. However these tools fail to provide decent authorisation on configuration input. In this paper we apply fine-grained authorisation of individual changes on a complex input language of an existing tool. We developed a prototype that extracts meaningful changes from the language used in the Puppet tool. These changes are authorised using XACML. We applied this approach successfully on realistic access control scenarios and provide design patterns for developing XACML policies.
منابع مشابه
On Fine-Grained Access Control for XML
Fine-grained access control for XML is about controlling access to XML documents at the granularity of individual elements or attributes. This thesis addresses two problems related to XML access controls. The first is efficient, secure evaluation of XPath expressions. We present a technique that secures path expressions by means of query modification, and we show that the query modification alg...
متن کاملDifferencing and Merging of Software Diagrams - State of the Art and Challenges
For long, fine-grained version control for software documents has been neglected severely. Typically, software configuration management systems support the management of text or binary files. Unfortunately, text-based tools for fine-grained version control are not adequate for software documents produced in earlier phases in the software life cycle. Frequently, these documents have a graphical ...
متن کاملFine Grained Version Control of Configurations in COOP/Orm
This paper describes a unified approach to version control of documents and configurations. Hierarchical structure, which is present in most documents such as programs, is recognized and utilized in a fine-grained version control system. The same mechanism is used for version control of configurations and extended to handle DAGs as well as trees. Change propagation within one hierarchical docum...
متن کاملSecure Compilation to Modern Processors: Extended Version
We present a secure (fully abstract) compilation scheme to compile an object-based high-level language to low-level machine code. Full abstraction is achieved by relying on a fine-grained program counter-based memory access protection scheme, which is part of our low-level target language. We discuss why standard compilers fail to provide full abstraction and introduce enhancements needed to ac...
متن کاملA Multiple-Policy supported Attribute-Based Access Control Architecture within Large-scale Device Collaboration Systems
In order to collaborate large numbers of heterogeneous distributed devices over multiple domains within a modern large-scale device collaboration system, a fine-grained, flexible and secure approach is required for device authentication and authorization. This paper proposed a Multiple-Policy supported Attribute-Based Access Control model and its architecture to address these demands. With eXte...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2011