A Framework for Composable Security Definition, Assurance, and Enforcement
نویسندگان
چکیده
The objective of this research is to develop techniques that integrate alternative security concerns (e.g., mandatory access control, delegation, authentication, etc.) into the software process. The resulting model-driven framework preserves separation of security concerns from modeling through implementation, and allows security personnel to pick and choose security concerns to concerns promotes security assurance, and should result in a reduction of the security defects in the final system. To achieve separation of concerns at the modeling level, concern-specific languages are defined to capture alternative security concerns. At the implementation level, aspectoriented programming is used to integrate security concerns into an application’s code, while preserving modularity. This composition seamlessly combines the chosen security concerns to realize an application’s security infrastructure.
منابع مشابه
Security Assurance for a Resource-based Rbac/dac/mac Security Model
middle model. These constructs are used to build security assurance rules and authorizations which will be presented in Chapter 5 and provide the basis for our security enforcement framework and prototype (see Chapter 6). The chapter details the design assumptions required to clearly establish the security model environment and security assurance requirements. This chapter concludes with a disc...
متن کاملRole Delegation for a Distributed, Unified RBAC/MAC*
The day-today operations of corporations and government agencies rely on inter-operating legacy, COTs, databases, clients, servers, etc., which are brought together into a distributed environment running middleware (e.g., CORBA, JINI, DCOM, etc.). Both access control and security assurance within these distributed applications is paramount. Of particular concern is the delegation of authority, ...
متن کاملUniversally Composable Cryptographic Role-Based Access Control
In cryptographic access control sensitive data is protected by cryptographic primitives and the desired access structure is enforced through appropriate management of the secret keys. In this paper we study rigorous security definitions for the cryptographic enforcement of Role Based Access Control (RBAC). We propose the first simulationbased security definition within the framework of Universa...
متن کاملPolicy-Based Security for Wireless Components in High Assurance Computer Systems
To enable the growth of wireless networks in high assurance computer systems, it is essential to establish a security engineering methodology that provides system security managers with a procedural engineering process to develop computer security policies. Our research demonstrates how wireless communication technology is deployed using the Multiple Independent Levels of Security (MILS) archit...
متن کاملUniversally Composable Key - Management ( full version )
We present the first universally composable key-management functionality, formalized in the GNUC framework by Hofheinz and Shoup. It allows the enforcement of a wide range of security policies and can be extended by diverse key usage operations with no need to repeat the security proof. We illustrate its use by proving an implementation of a security token secure with respect to arbitrary key-u...
متن کامل