Adjustable autonomy for cross-domain entitlement decisions

  • Authors: Jacob Beal; Jonathan Webb; Michael Atighetchi
  • Affiliations: Raytheon BBN Technologies, Cambridge, MA, USA (all authors)
  • Venue: Proceedings of the 3rd ACM Workshop on Artificial Intelligence and Security
  • Year: 2010

Abstract

Cross-domain information exchange is a growing problem, as business and governmental organizations increasingly need to integrate their information systems with those of partially trusted partners. Current identity management and access control technologies operate only within a specific domain and are unable to scale to the asymmetric, heterogeneously administered, and highly restrictive security policies of cross-domain environments. We approach the problem as one of adjustable autonomy, in which the human administrator needs to encode policy intent in a way that allows routine decisions about policy interactions to be safely delegated to the machine. In this paper, we present work toward such a system, combining a lattice representation of access control decisions and client attributes with search through a space of cross-domain mapping relations. This combination enables a policy resolution algorithm that resolves routine policy interactions while flagging potential conflicts for attention from a human administrator.