Providing policy-neutral and transparent access control in extensible systems

Providing policy-neutral and transparent access control in extensible systems (1998)

Cached

Download Links

[www.cs.washington.edu]
[www.cs.washington.edu]

Other Repositories/Bibliography

DBLP

by Robert Grimm , Brian N. Bershad

Venue:	Secure Internet Programming: Security Issues for Distributed and Mobile Objects, volume 1603 of Lecture
Citations:	19 - 3 self

BibTeX

@INPROCEEDINGS{Grimm98providingpolicy-neutral,
    author = {Robert Grimm and Brian N. Bershad},
    title = {Providing policy-neutral and transparent access control in extensible systems},
    booktitle = {Secure Internet Programming: Security Issues for Distributed and Mobile Objects, volume 1603 of Lecture},
    year = {1998},
    pages = {317--338},
    publisher = {Springer-Verlag}
}

Years of Citing Articles

Bookmark

OpenURL

Abstract

Extensible systems, such as Java or the SPIN extensible operating system, allow for units of code, or extensions, to be added to a running system in almost arbitrary fashion. Extensions closely interact through low-latency, but type-safe interfaces to form a tightly integrated system. As extensions can come from arbitrary sources, not all of whom can be trusted to conform to an organization's security policy,such structuring raises the question of how security constraints are enforced in an extensible system. In this paper, we present an access control mechanism for extensible systems to address this problem. Our access control mechanism decomposes access control into a policy-neutral enforcement manager and a security policy manager, and it is transparent to extensions in the absence of security violations. It structures the system into protection domains, enforces protection domains through access control checks, and performs auditing of system operations. The access control mechanism works by inspecting extensions for their types and operations to determine which abstractions require protection, and by redirecting procedure or method invocations to inject access control operations into the system. We describe the design of this access control mechanism, present an implementation within the SPIN extensible operating system, and provide a qualitative aswell as quantitative evaluation of the mechanism.

Citations

691	ATOM: A System for Building Customized Program Analys is Tools - Srivastava, Eustace - 1994
557	From system F to typed assembly language - Morrisett, Walker, et al. - 1999
537	The protection of information in computer systems - Saltzer, Schroeder - 1975
478	A lattice model of secure information flow - DENNING - 1976
434	A Survey of Active Network Research - Tennenhouse, Smith, et al. - 1997
403	Authentication in distributed systems: Theory and practice - Lampson, Abadi, et al. - 1992
381	Safe Kernel Extensions without Run-time Checking - Necula, Lee
366	Integrity considerations for secure computer systems - Biba - 1977
343	A comparison of commercial and military computer security policies - Clark, Wilson - 1987
304	The chinese wall security policy - Brewer, Nash - 1989
235	The Design and Implementation of the 4.4BSD Operating System - MCKUSICK, BOSTIC, et al. - 1996
186	Java security: From HotJava to Netscape and beyond - Dean, Felten, et al. - 1996
174	Extensible security architectures for Java - Wallach, Balfanz, et al. - 1997
168	A decentralized model for information flow control - Myers, Liskov - 1997
137	Going Beyond the Sandbox: An Overview of the New Security Architecture in the Java Development Kit 1.2 - Gong, Mueller, et al. - 1997
120	A practical alternative to hierarchical integrity policies - Boebert, Kain - 1985
111	Using Smart Clients to Build Scalable Services - Yoshikawa, Chun, et al.
102	Instrumentation and Optimization of Win32/Intel Executables using Etch - Romer, Volker, et al. - 1997
99	E.W.: Understanding java stack inspection - Wallach, Felten - 1998
85	The Java Language Speci cation - Gosling, Joy, et al. - 1996
85	Java Security: Hostile Applets, Holes and Antidotes - McGraw, Felten - 1996
69	Practical Domain and Type Enforcement for UNIX - Badger, Sterne, et al. - 1995
67	A Domain and Type Enforcement UNIX Prototype - Badger - 1996
63	Implementing Protection Domains in the Java Development Kit 1.2 - Gong, Schemers - 1998
62	Dynamic Binding for an Extensible System - Pardyak, Bershad - 1996
59	The Java Virtual Machine Speci cation - Lindholm, Yellin - 1996
57	Java Security: Present and Near Future - Gong - 1997
44	Secure Computer System: Uni ed Exposition and Multics Interpretation - Bell, Padula - 1976
43	The CRISIS wide area security architecture - Belani, Vahdat, et al. - 1998
41	Non-discretionary controls for commercial applications - Lipner - 1982
33	E cient Software-Based Fault Isolation - Wahbe, Lucco, et al. - 1993
32	Providing Policy Control Over Object Operations in a Mach Based System - Minear - 1995
30	A protection scheme for mobile agents on java - Hagimont, Ismail - 1997
28	Using mandatory integrity to enforce “commercial” security - LEE - 1988
27	Safe dynamic linking in an extensible operating system - Sirer, Fiuczynski, et al. - 1996
20	Language Support for Extensible Operating Systems - Hsieh, Fiuczynski, et al. - 1995
19	Adaptable binary programs - Graham, Lucco, et al. - 1995
8	Writing an operating system with Modula-3 - Sirer, Savage, et al. - 1996
4	SPKI certi cate theory - Ellison, Frantz, et al. - 1999
2	Developing and Using a \Policy Neutral" Access Control Policy - Olawsky, Fine, et al. - 1996
2	CACL: E cient Fine-Grained Protection for Objects - Richardson, Schwarz, et al. - 1992
1	Beyond the PaleofMAC and DAC\|De ning New Forms of Access Control - McCollum, Messing, et al. - 1990