The Case for Abstracting Security Policies

Authors

  • Anil Madhavapeddy
  • Alan Mycroft
  • David J. Scott
  • Richard Sharp
Abstract

As Internet connectivity grows, executing untrusted code becomes an increasingly serious threat. Public Key Infrastructure (PKI) and digital signatures offer some degree of protection, but are only part of a solution. In this paper we propose a mechanism for forcing applications to "declare what they intend to do" by means of an abstract behavioural model. A monitoring process is employed to dynamically ensure that programs do not deviate from their pre-declared intention. We focus particularly on the usability, transparency and maintainability of the system, which we believe to have been lacking in similar efforts. In particular, we concentrate on (i) building powerful and maintainable policy specification languages and (ii) automatic security auditing of policies.


Related papers

An automatic test case generator for evaluating implementation of access control policies

One of the main requirements for providing software security is the enforcement of access control policies which aim to protect resources of the system against unauthorized accesses. Any error in the implementation of such policies may lead to undesirable outcomes. For testing the implementation of access control policies, it is preferred to use automated methods which are faster and more relia...


Aggregation and Separation as Noninterference Properties

This paper proposes a notation that can be used to describe information flow policies that may have transitivity, aggregation and separation (of duty) exceptions. Operators for comparing, composing and abstracting these policies are described. These allow complex policies to be built from simpler policies. A formal semantics is given based on the notion of noninterference for deterministic system...


A semantic-aware role-based access control model for pervasive computing environments

Access control in open and dynamic Pervasive Computing Environments (PCEs) is a very complex mechanism and encompasses various new requirements. In fact, in such environments, context information should be used in access control decision process; however, it is not applicable to gather all context information completely and accurately all the time. Thus, a suitable access control model for PCEs...


A Taxonomy for Information Flow Policies and Models

This paper proposes a notation for describing information flow policies that can express transitive, aggregation and separation (of duty) exceptions. Operators for comparing, composing and abstracting flow policies are described. These allow complex policies to be built from simpler policies. Many existing confidentiality (and by ) using a dual model, integrity policies and their models can be ...


Abstracting Application-level Web Security

Application-level web security refers to vulnerabilities inherent in the code of a web-application itself (irrespective of the technologies in which it is implemented or the security of the webserver/back-end database on which it is built). In the last few months application-level vulnerabilities have been exploited with serious consequences: hackers have tricked e-commerce sites into shipping ...



Publication date: 2003