
A Flexible and Dynamic Access Control Policy Framework for an Active Networking Environment

  • Conference paper
Kommunikation in Verteilten Systemen (KiVS)

Part of the book series: Informatik aktuell (INFORMAT)


Abstract

To secure active networking nodes with respect to availability and controlled access, the introduction of an access control mechanism and, consequently, a policy framework is mandatory. We follow the approach of a scenario-tailored runtime supervision of the service. During the development of the access control mechanism we focused strongly on keeping the mechanism as efficient as possible and on realizing a modular design that allows the mechanism to be dynamically upgraded and configured using the active networking technology itself, while at the same time ensuring that mandatory security checks cannot be circumvented. Each service has to pass initial checks before it can be executed on an active node. Furthermore, service-specific adaptive criteria can be included in the initial check. This paper discusses the corresponding flexible and dynamic access control policy framework and presents results achieved with a first prototype realized for the active networking environment AMnet.




© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hess, A., Schäfer, G. (2003). A Flexible and Dynamic Access Control Policy Framework for an Active Networking Environment. In: Irmscher, K., Fähnrich, KP. (eds) Kommunikation in Verteilten Systemen (KiVS). Informatik aktuell. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-55569-5_26


  • DOI: https://doi.org/10.1007/978-3-642-55569-5_26

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00365-6

  • Online ISBN: 978-3-642-55569-5

  • eBook Packages: Springer Book Archive
