A Paradigm for User-Defined Security Policies

نویسنده

  • Winfried E. Kühnhauser
چکیده

One of today's major challenges in computer security is the ever-increasing multitude of individual, application-speciic security requirements. As a positive consequence , a wide variety of security policies has been developed , each policy reeecting the speciic needs of individual applications. As a negative consequence, the integration of the multitude of policies into today's system platforms made the limitations of traditional architectural foundations of secure computer systems quite obvious. Many of the traditional architectural foundations originally aimed at supporting only a single access control policy within a single trusted system environment. This paper discusses a new paradigm to support user-deened security policies in a distributed multi-policy system. The paradigm preserves the successful properties of the traditional architectural foundations while additionally providing strong concepts for user-deened security policies. Among these concepts are policy separation, encapsula-tion, persistency, cooperation, and reusability. We illustrate the application of our approach in a DCE environment .

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Corrective Enforcement of Security Policies

Monitoring is a powerful security policy enforcement paradigm that allows the execution of a potentially malicious software by observing and transforming it, thus ensuring its compliance with a user-defined security policy. Yet some restrictions must be imposed on the monitor’s ability to transform sequences, so that key elements of the execution’s semantics are preserved. An approximation of t...

متن کامل

A Novel Approach for Securing Data using Cipher Text Policy Attribute Based Encryption

With the recent assumption and diffusion of data sharing paradigm in distributed systems such as cloud computing or online social networks, there have been increasing concerns and demands for distributed data security. The support of policies updates and enforcement of access policies is one of the most challenging issues in data sharing systems. Cipher text policy attribute-based encryption i....

متن کامل

Enforcing RBAC Policies over Data Stored on Untrusted Server (Extended Version)

One of the security issues in data outsourcing is the enforcement of the data owner’s access control policies. This includes some challenges. The first challenge is preserving confidentiality of data and policies. One of the existing solutions is encrypting data before outsourcing which brings new challenges; namely, the number of keys required to access authorized resources, efficient policy u...

متن کامل

High Level Policies in SDN

Policies for network traffic handling define packet routes through networks, enforce required quality of service, and protect networks from security threats. When expressing a policy, one needs to characterise the traffic to which the policy applies by traffic identifiers. Low level traffic identifiers, such as IP addresses and port numbers, are available in each packet. Indeed, low level traff...

متن کامل

Cassandra : Towards a Certifying App Store

Modern mobile devices store an abundance of information. However, users do not yet obtain satisfactory support for controlling what applications do with their personal data. In this article, we propose Cassandra, a tool that allows users to verify Android apps against their security needs before installation. Cassandra implements the core functionality of a conventional app store, augmented wit...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 1995