Uniied Support for Heterogeneous Security Policies in Distributed Systems

Modern distributed systems tend to be conglomer-ates of heterogeneous subsystems, which have been designed separately, by diierent people, with little, if any, knowledge of each other | and which may be governed by diierent security policies. A single software agent operating within such a system may nd itself interacting with, or even belonging to, several subsystems, and thus be subject to several disparate policies. If every such policy is expressed by means of a diierent formalism and enforced with a diierent mechanism, the situation can get easily out of hand. To deal with this problem we propose in this paper a security mechanism that can support eeciently, and in a uniied manner, a wide range of security models and policies, including: conventional discretionary models that use capabilities or access-control lists, mandatory lattice-based access control models, and the more sophisticated models and policies required for commercial applications. Moreover, under the proposed mechanism, a single agent may be involved in several diierent modes of interactions that are subject to disparate security policies.