Situation-based policy enforcement

Authors:
Thomas Buntrock;Hans-Christian Esperer;Claudia Eckert
Affiliations:
Technische Universitt Darmstadt, Department of Computer Science, Darmstadt, Germany;Technische Universitt Darmstadt, Department of Computer Science, Darmstadt, Germany;Technische Universitt Darmstadt, Department of Computer Science, Darmstadt, Germany
Venue:
TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business
Year:
2007

Citing 11
Cited 0

Role-Based Access Control Models

Computer
The context toolkit: aiding the development of context-enabled applications

Proceedings of the SIGCHI conference on Human Factors in Computing Systems
Securing context-aware applications using environment roles

SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Context sensitivity in role-based access control

ACM SIGOPS Operating Systems Review
Integrating Flexible Support for Security Policies into the Linux Operating System

Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Linux Security Modules: General Security Support for the Linux Kernel

Proceedings of the 11th USENIX Security Symposium
The Conference Assistant: Combining Context-Awareness with Wearable Computing

ISWC '99 Proceedings of the 3rd IEEE International Symposium on Wearable Computers
Generalized Role-Based Access Control

ICDCS '01 Proceedings of the The 21st International Conference on Distributed Computing Systems
Practical Domain and Type Enforcement for UNIX

SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
Context sensitive access control

Proceedings of the tenth ACM symposium on Access control models and technologies
Analyzing integrity protection in the SELinux example policy

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12

Quantified Score

Hi-index	0.00

Visualization

Abstract

Current operating systems enforce access control policies based on completely static rules, a method originating from a time where computers were expensive and had to serve several users simultaneously. Today, as computers are cheap, a trend to mobile workstations can be realized, where a single device is used to perform a dedicated task under unpredictable, changing conditions. However, the static access rules still remain, while their use in mobile environments is limited, because in changing environments, access rights must constantly be adjusted to guarantee data integrity in all situations. With dynamically adjusting rules, in turn, it is not sufficient anymore to check access to data only once; instead, access rights must be revalidated every time data is actually accessed, even if part of that data is cached by an application. In this paper, we present a method to dynamically and retrospectively enforce access control policies based on the context a device is operating in, while tracing data beyond disk accesses.