Abstract
The paper presents a new approach to building access control systems that eliminates the access matrix control (ACL) and allows a local, decentralized access policy to be defined. The approach decentralizes the access control system under both DAC and MAC access policies. It requires, however, introducing: (1) new data structures, namely attribute certificates (AC, or privilege certificates), use-condition certificates (UCC), which replace the centralized rules of the access policy, and capability certificates (CC), on which the secure state of the access control system depends; and (2) a partition of the supervisory and control system into separate protection domains. Because the certificates related to the access control system are distributed, they must be delivered to the reference monitor in a proper way and applied when authorizing subject requests. The protection domain structure is also specified; it models the trust relations between the users (subjects) of the system and the protected domains. The security theorem formulated in the paper specifies the necessary conditions for a distributed supervisory and control system to be secure.
Copyright information
© 2002 Springer Science+Business Media New York
About this chapter
Cite this chapter
Pejaś, J. (2002). Multilevel Lattice-Based Authorization in Distributed Supervisory and Control Systems. In: Sołdek, J., Pejaś, J. (eds) Advanced Computer Systems. The Springer International Series in Engineering and Computer Science, vol 664. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-8530-9_30
DOI: https://doi.org/10.1007/978-1-4419-8530-9_30
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4613-4635-7
Online ISBN: 978-1-4419-8530-9
eBook Packages: Springer Book Archive