Path-Based Access Control for Enterprise Networks
ISC '08 Proceedings of the 11th international conference on Information Security
Controlling Access to XML Documents over XML Native and Relational Databases
SDM '09 Proceedings of the 6th VLDB Workshop on Secure Data Management
| Hi-index | 0.00 |
Modern computing environments involve a multitude of components working in concert to provide services to users. Computer elements, network elements, operating systems, applications, users, etc. must to be constantly managed and controlled to prevent unintended or illegal accesses that could compromise the system. Such systems rely on a security policy, namely a set of rules that define what actions are allowed and disallowed to be performed in the system, defined by policy makers to control its behavior. To avoid failures (i) information about the state of the system must be readily available to the enforcement elements, for them to make decisions according to the specified security policy, and at the same time (ii) the security policy itself must be maintained in a consistent state across the multitude of system elements. This dissertation addresses the problem of security policy consistency in decentralized heterogeneous systems. We present two novel ways for maintaining consistency in this type of environments. First, by using both static (compile time) and dynamic (run time) techniques, in which security policies are examined against each other and possible inconsistencies are identified. Second, we demonstrate how it is possible for multiple security elements to dynamically share and exchange state information, to consistently enforce security policies that span multiple access control nodes.