{"title":"A paradigm for user-defined security policies","authors":"W.E. Kuhnhauser","doi":"10.1109/RELDIS.1995.526221","DOIUrl":null,"url":null,"abstract":"One of today's major challenges in computer security is the ever-increasing multitude of individual, application-specific security requirements. As a positive consequence, a wide variety of security policies has been developed, each policy reflecting the specific needs of individual applications. As a negative consequence, the integration of the multitude of policies into today's system platforms made the limitations of traditional architectural foundations of secure computer systems quite obvious. Many of the traditional architectural foundations originally aimed at supporting only a single access control policy within a single trusted system environment. This paper discusses a new paradigm to support user-defined security policies in a distributed multi-policy system. The paradigm preserves the successful properties of the traditional architectural foundations while additionally providing strong concepts for user-defined security policies. Among these concepts are policy separation, encapsulation, persistency, cooperation, and reusability. We illustrate the application of our approach in a DCE environment.","PeriodicalId":275219,"journal":{"name":"Proceedings. 14th Symposium on Reliable Distributed Systems","volume":"12 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings. 14th Symposium on Reliable Distributed Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/RELDIS.1995.526221","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 14
Abstract
One of today's major challenges in computer security is the ever-increasing multitude of individual, application-specific security requirements. As a positive consequence, a wide variety of security policies has been developed, each policy reflecting the specific needs of individual applications. As a negative consequence, the integration of the multitude of policies into today's system platforms made the limitations of traditional architectural foundations of secure computer systems quite obvious. Many of the traditional architectural foundations originally aimed at supporting only a single access control policy within a single trusted system environment. This paper discusses a new paradigm to support user-defined security policies in a distributed multi-policy system. The paradigm preserves the successful properties of the traditional architectural foundations while additionally providing strong concepts for user-defined security policies. Among these concepts are policy separation, encapsulation, persistency, cooperation, and reusability. We illustrate the application of our approach in a DCE environment.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
