Pub Date : 2002-12-09DOI: 10.1109/CSAC.2002.1176306
Geetanjali Sampemane, P. Naldurg, R. Campbell
Active Spaces are physical spaces augmented with heterogeneous computing and communication devices along with supporting software infrastructure. This integration facilitates collaboration between users, and promotes greater levels of interaction between users and devices. An Active Space can be configured for different types of applications at different times. We present an access control system that automates the creation and enforcement of access control policies for different configurations of an Active Space. Our system explicitly recognizes different modes of cooperation between groups of users, and the dependence between physical and virtual aspects of security in Active Spaces. Our model provides support for both discretionary and mandatory access control policies, and uses role-based access control techniques for easy administration of users and permissions. We dynamically assign permissions to user roles based on context information. We show how we can create dynamic protection domains. This allows administrators and application developers the ability to customize access control policies on a need-to-protect basis. We also provide a semi-formal specification and analysis of our model and show how we preserve safety properties in spite of dynamic changes to access control permissions.
{"title":"Access control for Active Spaces","authors":"Geetanjali Sampemane, P. Naldurg, R. Campbell","doi":"10.1109/CSAC.2002.1176306","DOIUrl":"https://doi.org/10.1109/CSAC.2002.1176306","url":null,"abstract":"Active Spaces are physical spaces augmented with heterogeneous computing and communication devices along with supporting software infrastructure. This integration facilitates collaboration between users, and promotes greater levels of interaction between users and devices. An Active Space can be configured for different types of applications at different times. We present an access control system that automates the creation and enforcement of access control policies for different configurations of an Active Space. Our system explicitly recognizes different modes of cooperation between groups of users, and the dependence between physical and virtual aspects of security in Active Spaces. Our model provides support for both discretionary and mandatory access control policies, and uses role-based access control techniques for easy administration of users and permissions. We dynamically assign permissions to user roles based on context information. We show how we can create dynamic protection domains. This allows administrators and application developers the ability to customize access control policies on a need-to-protect basis. We also provide a semi-formal specification and analysis of our model and show how we preserve safety properties in spite of dynamic changes to access control permissions.","PeriodicalId":389487,"journal":{"name":"18th Annual Computer Security Applications Conference, 2002. Proceedings.","volume":"48 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126052267","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1900-01-01DOI: 10.1109/CSAC.2002.1176303
Peng Liu
In this paper we propose four architectures for intrusion-tolerant database systems. While traditional secure database systems rely on prevention controls, an intrusion-tolerant database system can operate through attacks in such a way that the system can continue delivering essential services in the face of attacks. With a focus on attacks by malicious transactions, Architecture I can detect intrusions, and locate and repair the damage caused by the intrusions. Architecture II enhances Architecture I with the ability to isolate attacks so that the database can be immunized from the damage caused by a lot of attacks. Architecture III enhances Architecture I with the ability to dynamically contain the damage in such a way that no damage will leak out during the attack recovery process. Architecture IV enhances Architectures II and III with the ability to adapt the intrusion-tolerance controls to the changing environment so that a stabilized level of trustworthiness can be maintained. Architecture IV enhances Architecture IV with the ability to deliver differential, quantitative QoIA services to customers who have subscribed for these services even in the face of attacks.
{"title":"Architectures for intrusion tolerant database systems","authors":"Peng Liu","doi":"10.1109/CSAC.2002.1176303","DOIUrl":"https://doi.org/10.1109/CSAC.2002.1176303","url":null,"abstract":"In this paper we propose four architectures for intrusion-tolerant database systems. While traditional secure database systems rely on prevention controls, an intrusion-tolerant database system can operate through attacks in such a way that the system can continue delivering essential services in the face of attacks. With a focus on attacks by malicious transactions, Architecture I can detect intrusions, and locate and repair the damage caused by the intrusions. Architecture II enhances Architecture I with the ability to isolate attacks so that the database can be immunized from the damage caused by a lot of attacks. Architecture III enhances Architecture I with the ability to dynamically contain the damage in such a way that no damage will leak out during the attack recovery process. Architecture IV enhances Architectures II and III with the ability to adapt the intrusion-tolerance controls to the changing environment so that a stabilized level of trustworthiness can be maintained. Architecture IV enhances Architecture IV with the ability to deliver differential, quantitative QoIA services to customers who have subscribed for these services even in the face of attacks.","PeriodicalId":389487,"journal":{"name":"18th Annual Computer Security Applications Conference, 2002. Proceedings.","volume":"70 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126201987","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: