A Language and System for Composing Security Policies∗
نویسندگان
چکیده
We introduce a new language and system that allows security architects to develop well-structured and easy-to-maintain security policies for Java applications. In our system, policies are first-class objects. Consequently, programmers can define parameterized meta-policies that act as policy combinators and policy modifiers, so that complex security policies can be implemented by composing simple base policies. We demonstrate the effectiveness of our design by building up a library of powerful policy combinators and showing how they can be used. We also describe some issues we encountered while implementing our system and provide performance results.
منابع مشابه
Validation of Policy Integration Using Alloy
Organizations typically have multiple security policies operating together in the same system. The integration of multiple policies might be needed to achieve the desired security requirements. Validating this integrated policy is a non-trivial process. This paper addresses the problem of composing, modeling and validating the security policies. We show how the various approaches for composing ...
متن کاملAn automatic test case generator for evaluating implementation of access control policies
One of the main requirements for providing software security is the enforcement of access control policies which aim to protect resources of the system against unauthorized accesses. Any error in the implementation of such policies may lead to undesirable outcomes. For testing the implementation of access control policies, it is preferred to use automated methods which are faster and more relia...
متن کاملAnalysis of Intersectoral Collaboration in the Iranian Health System for Implementing Health in all Policies: Challenges and the Way Forward (This Research was Conducted Before the Covoid-19 Pandemic)
Background and Aim: For achievement of equity in the population health the implementation of health in all policies is essential. The most crucial intervention in this approach is inter-sectoral collaboration. Materials and Methods: This was a qualitative study based on the national policy framework. Data were collected using literature review, in-depth interviews and focus group discussions ...
متن کاملForeign Language Education Policies in Iran: Pivotal Macro Considerations
Foreign Language Education Policy (FLEP) needs to be understood as part of broader educational policies and as situated within overarching social macro plans. In this paper, based on a conception of policy as distinct from goals and objectives, and with a view of the relevant literature, we will present some theoretical guidelines of setting and/or evaluating foreign language education policies...
متن کاملTypes and Effects for Non-interfering Program Monitors
A run-time monitor is a program that runs in parallel with an untrusted application and examines actions from the application’s instruction stream. If the sequence of program actions deviates from a specified security policy, the monitor transforms the sequence or terminates the program. We present the design and formal specification of a language for defining the policies enforced by program m...
متن کامل