POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
Development and runtime support for situation-aware security in autonomic computing
ATC'06 Proceedings of the Third international conference on Autonomic and Trusted Computing
In this paper we present a powerful authorization mechanism which provides support for: (1) periodic authorizations (both positive and negative), that is, authorizations that hold only in specific periods of time; (2) user-defined deductive temporal rules, by which new authorizations can be derived from those explicitly specified; (3) a hierarchical organization of subjects and objects, supporting a more adequate representation of their semantics. From the authorizations explicitly specified, additional authorizations are automatically derived by the system based on those hierarchies. The resulting model is therefore very flexible in terms of the kinds of protection requirements that it can represent. The flexibility provided to the users requires a non-trivial underlying formal model where temporal constraints, derivation rules and object and subject hierarchies can be represented. In particular, when inheritance and derivation rules are used simultaneously, there is a need for conditions ensuring that the authorization base is free from ambiguities. In this paper, we introduce a notion of safeness, and prove that it guarantees the absence of ambiguities and inconsistencies in the specification. Moreover, we define an efficient algorithm for computing authorizations from safe specifications. Finally, we provide a methodology for supporting temporal authorizations in heterogeneous, distributed systems.