Representation and evaluation of security policies for distributed system services

Ryutov, Tatyana; Neuman, Clifford

doi:10.1109/discex.2000.821518

Cited by 28 publications

(21 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In our example with long distance telephone carriers, account's phone number, encoded in the name of the resource in question, can be now used during policy evaluation. 1 Other examples of middleware security systems in which the enforcement function is implemented by an application system are Praesidium [22], Adage [23], GAA API [10,11,24] and Access Control Unit in [6]. As in RAD, these solutions feature an authorization function invoked by an application for obtaining access control decisions, which are expected to be enforced by an application.…”

Section: Adae With Targetmentioning

confidence: 99%

“…Performing expensive re-incarnation of target objects for making security decisions also creates a vulnerability for denial of service attacks. Despite DF having a potential to be specific to the application domain, ADME schema allows enforcement of only those run-time pre-requisites, such as (dynamic) conditions in [10,11] and [6], obligations in XACML [12] and provisions in [13], that are non-specific to application domains (such as CPU load). This limitation is due to EF being part of the generic middleware layer.…”

Section: Mdme --Everything Is Done By Middlewarementioning

confidence: 99%

See 1 more Smart Citation

Object Security Attributes: Enabling Application-Specific Access Control in Middleware

Beznosov¹

2002

On the Move to Meaningful Internet Systems 2002: CoopIS, DOA, and ODBASE

View full text Add to dashboard Cite

Abstract. This paper makes two primary contributions toward establishing support for application-specific factors in middleware security mechanisms. First, it develops a simple classification framework for reasoning about the architecture of the security mechanisms in distributed applications that follow the decision-enforcement paradigm of the reference monitor. It uses the framework to demonstrate that the existing solutions lack satisfying tradeoffs for a wide range of those applications that require application-specific factors to be used in security decisions while mediating access requests.Second, by introducing attribute function in addition to decision and enforcement functions, it proposes a novel scheme for clean separation among suppliers of middleware security, security decision logic, and application-logic, while supporting application-specific protection policies. To illustrate the scheme on a concrete example, we describe its mapping into CORBA Security.

show abstract

Section: Adae With Targetmentioning

confidence: 99%

Section: Mdme --Everything Is Done By Middlewarementioning

confidence: 99%

Object Security Attributes: Enabling Application-Specific Access Control in Middleware

Beznosov¹

2002

On the Move to Meaningful Internet Systems 2002: CoopIS, DOA, and ODBASE

View full text Add to dashboard Cite

show abstract

“…A variety of policy languages and models have been proposed. Some of them are generic [1,14,25,26,37] while others are designed for specific applications [7,11,36,38] or data models [8,9,19,29].…”

Section: Related Workmentioning

confidence: 99%

Defining and Measuring Policy Coverage in Testing Access Control Policies

Martin

Xie

2006

Information and Communications Security

View full text Add to dashboard Cite

Abstract. To facilitate managing access control in a system, security officers increasingly write access control policies in specification languages such as XACML, and use a dedicated software component called a Policy Decision Point (PDP). To increase confidence on written policies, certain types of policy testing (often in an ad hoc way) are usually conducted, which probe the PDP with some typical requests and check PDP's responses against expected ones. This paper develops a first step toward systematic policy testing by defining and measuring policy coverage when testing policies. We have developed a coverage-measurement tool to measure policy coverage given a set of XACML policies and a set of requests. We have developed a tool for request generation, which randomly generates requests for a given set of policies, and a tool for request reduction, which greedily selects a nearly minimal set of requests for achieving the same coverage as the originally generated requests. To evaluate coverage-based request reduction and its effect on fault detection, we have conducted an experiment with mutation testing on a set of real policies. Our experimental results show that the coverage-based test reduction can substantially reduce the size of generated requests and incur only relatively low loss on fault detection. We also conduct a study on the policy coverage achieved by manually generated requests.

show abstract

“…It also allows reusability of policies in different heterogeneous environments, especially inside different administrative domains. Due to these reasons and advantages, the policy paradigm is applied to build an A x service architecture, which leaves the policy representation [10] out of scope here.…”

Section: Policy Paradigmmentioning

confidence: 99%