The Ponder language provides a common means of specifying security policies that map onto various access control implementation mechanisms for firewalls, operating systems, databases and Java. It supports obligation policies that are event triggered conditionaction rules for policy based management of networks and distributed systems. Ponder can also be used for security management activities such as registration of users or logging and auditing events for dealing with access to critical resources or security violations. Key concepts of the language include roles to group policies relating to a position in an organisation, relationships to define interactions between roles and management structures to define a configuration of roles and relationships pertaining to an organisational unit such as a department. These reusable composite policy specifications cater for the complexity of large enterprise information systems. Ponder is declarative, stronglytyped and object-oriented which makes the language flexible, extensible and adaptable to a wide range of management requirements.

Operating systems must be flexible in their support for security policies, providing sufficient mechanisms for supporting the wide variety of real-world security policies. Such flexibility requires controlling the propagation of access rights, enforcing fine-grained access rights and supporting the revocation of previously granted access rights. Previous systems are lacking in at least one of these areas. In this paper we present an operating system security architecture that solves these problems. Control over propagation is provided by ensuring that the security policy is consulted for every security decision. This control is achieved without significant performance degradation through the use of a security decision caching mechanism that ensures a consistent view of policy decisions. Both fine-grained access rights and revocation support are provided by mechanisms that are directly integrated into the service-providing components of the system. The architecture is described through its prototype implementation in the Flask microkernelbased operating system, and the policy flexibility of the prototype is evaluated. We present initial evidence that the architecture’s impact on both performance and code complexity is modest. Moreover, our architecture is applicable to many other types of operating systems and environments. 1

Enterprises collect a large amount of personal data about their customers.

Permission is granted for noncommercial reproduction of the work for educational or research purposes.

Originator Control is an access control policy that requires recipients to gain originator’s approval for redissemination of disseminated digital object. Originator control policies are one of the generic and key concerns of usage control. Usage control is an emerging concept which encompasses traditional access control and digital rights management solutions. However, current commercial Digital Rights Management (DRM) solutions lack enforcement of access control policies such as role-based access control (RBAC), mandatory access control (MAC), discretionary access control (DAC) and originator control because their control of access to digital object is mainly based on payment. In this paper, we attempt to combine originator control policies and usage control. Then we show how this can extend traditional originator control solutions to enforce access control policies even outside of a local control environment where a central control authority is not available. License and ticket concepts are proposed and used for originator control in usage control. Also, we define seven different solution approaches to deal with various dissemination situations. In addition, we discuss some published DRM solutions and relate these to our solution approaches. 1.

Policies are rules governing the choices in behaviour of a system. They are often used as a means of implementing flexible and adaptive systems for management of internet services, distributed systems, and security systems. There is also a need for a common specification of security policy for large-scale, multiorganisational systems where access control is implemented in a variety of heterogeneous components. In this paper we survey both security and management policy specification approaches. We also cover the issues relating to detecting and resolving conflicts which can arise in the policies and some ideas on how to refine high level goals and service level agreements into implementable policies. The paper briefly outlines some of the research issues that have to be solved for large-scale adoption of policy-based systems.

Security management involves specification and deployment of access control policies as well as activities such as registration of users or logging and auditing events for dealing with access to critical resources or security violations. The management actions to be performed when an event occurs depend on the enterprise policy. Reusable composite policy specifications are important to cater for the complexity of large enterprise information systems. Analysing policies for conflicts is essential for the safe operation of the system. This paper describes the Ponder language for specifying policies for security management of Distributed Systems. Ponder is declarative, stronglytyped and object-oriented which makes the language flexible, scalable and adaptable to a wide range of security requirements.

While there are several efforts underway to provide security for the Service Oriented Architecture (SOA), there is no specification or standard defined to provide authorization services for the SOA. The SOA comprises of Web services and business process workflows built using Web services. Based on our analysis of existing authorization frameworks and policy specification models for the SOA, we envisage an authorization framework for the SOA to provide extensions to both the security layers of Web services and business processes separately. Also the Web services Description and Messaging layers must be extended to support authorization services designed for the SOA. In this paper, we lay out the core design principles for authorization services in each of these layers to achieve a comprehensive design of an authorization framework for the SOA.

. The Ponder language provides a common means of specifying security policies that map onto various access control implementation mechanisms for firewalls, operating systems, databases and Java. It supports obligation policies that are event triggered condition-action rules for policy based management of networks and distributed systems. Ponder can also be used for security management activities such as registration of users or logging and auditing events for dealing with access to critical resources or security violations. Key concepts of the language include roles to group policies relating to a position in an organisation, relationships to define interactions between roles and management structures to define a configuration of roles and relationships pertaining to an organisational unit such as a department. These reusable composite policy specifications cater for the complexity of large enterprise information systems. Ponder is declarative, strongly-typed and object-or...

Abstract not found