TY - GEN
T1 - Access control in configurable systems
AU - Jaeger, Trent
N1 - Publisher Copyright:
© Springer-Verlag Berlin Heidelberg 1999.
PY - 1999
Y1 - 1999
N2 - In a configurable system, operating systems and applications are composed dynamically from executable modules. Since dyneimically downloaded modules may not be entirely trusted, the system must be able to restrict their access rights. Current systems assign permissions to modules based on their executor, provider, and/or name. Since such modules may serve specific purposes in programs (i.e., services or applications), it should be possible to restrict their access rights based on the program for which they are used and the current state of that program. In this paper, we examine the access control infrastructure required to support the composition of systems and applications from modules. Access control infrastructure consists primarily of two functions: access control policy specification and enforcement of that policy. We survey representations for access control policy specification and mechanisms for access control policy enforcement to show the flexibility they provide and their limits. We then show how the Lava Security Architecture is designed to support flexible policy specification and enforcement.
AB - In a configurable system, operating systems and applications are composed dynamically from executable modules. Since dyneimically downloaded modules may not be entirely trusted, the system must be able to restrict their access rights. Current systems assign permissions to modules based on their executor, provider, and/or name. Since such modules may serve specific purposes in programs (i.e., services or applications), it should be possible to restrict their access rights based on the program for which they are used and the current state of that program. In this paper, we examine the access control infrastructure required to support the composition of systems and applications from modules. Access control infrastructure consists primarily of two functions: access control policy specification and enforcement of that policy. We survey representations for access control policy specification and mechanisms for access control policy enforcement to show the flexibility they provide and their limits. We then show how the Lava Security Architecture is designed to support flexible policy specification and enforcement.
UR - http://www.scopus.com/inward/record.url?scp=84983002492&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84983002492&partnerID=8YFLogxK
U2 - 10.1007/3-540-48749-2_14
DO - 10.1007/3-540-48749-2_14
M3 - Conference contribution
AN - SCOPUS:84983002492
SN - 9783540661306
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 289
EP - 316
BT - Secure Internet Programming - Security Issues for Mobile and Distributed Objects
A2 - Vitek, Jan
A2 - Jensen, Christian D.
PB - Springer Verlag
T2 - European Workshop on Distributed Object Security, EWDOS 1998 and Workshop on Mobile Object Systems: Secure Internet Mobile Computations, MOS 1998 held in conjunction with European Conference on Object-Oriented Programming, ECOOP 1998
Y2 - 21 July 1998 through 21 July 1998
ER -