一个可信的使用控制实施框架

2011 Sixth International Conference on Availability, Reliability and Security Pub Date : 2011-08-22 DOI:10.4018/jmcmc.2013070103

R. Neisse, A. Pretschner, V. D. Giacomo

{"title":"一个可信的使用控制实施框架","authors":"R. Neisse, A. Pretschner, V. D. Giacomo","doi":"10.4018/jmcmc.2013070103","DOIUrl":null,"url":null,"abstract":"Usage control policies specify restrictions on the handling of data after access has been granted. We present the design and implementation of a framework for enforcing usage control requirements and demonstrate its genericity by instantiating it to two different levels of abstraction, those of the operating system and an enterprise service bus. This framework consists of a policy language, an automatic conversion of policies into enforcement mechanisms, and technology implemented on the grounds of trusted computing technology that makes it possible to detect tampering with the infrastructure. We show how this framework can, among other things, be used to enforce separation-of-duty policies. We provide a performance analysis.","PeriodicalId":254443,"journal":{"name":"2011 Sixth International Conference on Availability, Reliability and Security","volume":"146 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-08-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"29","resultStr":"{\"title\":\"A Trustworthy Usage Control Enforcement Framework\",\"authors\":\"R. Neisse, A. Pretschner, V. D. Giacomo\",\"doi\":\"10.4018/jmcmc.2013070103\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Usage control policies specify restrictions on the handling of data after access has been granted. We present the design and implementation of a framework for enforcing usage control requirements and demonstrate its genericity by instantiating it to two different levels of abstraction, those of the operating system and an enterprise service bus. This framework consists of a policy language, an automatic conversion of policies into enforcement mechanisms, and technology implemented on the grounds of trusted computing technology that makes it possible to detect tampering with the infrastructure. We show how this framework can, among other things, be used to enforce separation-of-duty policies. We provide a performance analysis.\",\"PeriodicalId\":254443,\"journal\":{\"name\":\"2011 Sixth International Conference on Availability, Reliability and Security\",\"volume\":\"146 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-08-22\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"29\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 Sixth International Conference on Availability, Reliability and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4018/jmcmc.2013070103\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 Sixth International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/jmcmc.2013070103","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 29

摘要

使用控制策略指定在授予访问权限后对数据处理的限制。我们展示了一个框架的设计和实现，用于执行使用控制需求，并通过将其实例化到两个不同的抽象级别(操作系统和企业服务总线的抽象级别)来演示其通用性。该框架由策略语言、策略到执行机制的自动转换以及基于可信计算技术实现的技术组成，可信计算技术使检测基础设施的篡改成为可能。我们将展示如何使用这个框架来执行职责分离策略。我们提供性能分析。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

A Trustworthy Usage Control Enforcement Framework

Usage control policies specify restrictions on the handling of data after access has been granted. We present the design and implementation of a framework for enforcing usage control requirements and demonstrate its genericity by instantiating it to two different levels of abstraction, those of the operating system and an enterprise service bus. This framework consists of a policy language, an automatic conversion of policies into enforcement mechanisms, and technology implemented on the grounds of trusted computing technology that makes it possible to detect tampering with the infrastructure. We show how this framework can, among other things, be used to enforce separation-of-duty policies. We provide a performance analysis.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2011 Sixth International Conference on Availability, Reliability and Security

自引率

0.00%

发文量

期刊最新文献

Security Issues in a Synchronous e-Training Platform Deriving Current State RBAC Models from Event Logs Hidden Price of User Authentication: Cost Analysis and Stakeholder Motivation A Proposed Web Access Control System Request Policy Framework for Cooperation of DNS and a Web Browser Non-Parallelizable and Non-Interactive Client Puzzles from Modular Square Roots