Abstract
From the security point of view, one challenge for today’s distributed architectures is to support interoperation between applications relying on different, possibly inconsistent security policies.
This paper proposes a practical solution for dealing with the coexistence of different security policies in distributed architectures. We introduce a model for specifying security policies in terms of security domains, access control and information flow rules. Then, we identify the set of operators for combining the specifications of sub-policies and we address the validity of the resulting policy according to the security properties of the sub-policies.
Copyright information
© 1998 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bidan, C., Issarny, V. (1998). Dealing with multi-policy security in large open distributed systems. In: Quisquater, JJ., Deswarte, Y., Meadows, C., Gollmann, D. (eds) Computer Security — ESORICS 98. ESORICS 1998. Lecture Notes in Computer Science, vol 1485. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0055855
DOI: https://doi.org/10.1007/BFb0055855
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-65004-1
Online ISBN: 978-3-540-49784-4
eBook Packages: Springer Book Archive