A security architecture for computational grids
CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
SASI enforcement of security policies: a retrospective
Proceedings of the 1999 workshop on New security paradigms
Law-governed interaction: a coordination and control mechanism for heterogeneous distributed systems
ACM Transactions on Software Engineering and Methodology (TOSEM)
ACM Transactions on Information and System Security (TISSEC)
Time, clocks, and the ordering of events in a distributed system
Communications of the ACM
Java Virtual Machine Specification
Java Virtual Machine Specification
ECOOP '01 Proceedings of the 15th European Conference on Object-Oriented Programming
A Community Authorization Service for Group Collaboration
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Efficient Decentralized Monitoring of Safety in Distributed Systems
Proceedings of the 26th International Conference on Software Engineering
Composing security policies with polymer
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Computability classes for enforcement mechanisms
ACM Transactions on Programming Languages and Systems (TOPLAS)
A secure active network environment architecture: realization in SwitchWare
IEEE Network: The Magazine of Global Internetworking
Hi-index | 0.00 |
The shift from single server environments to globally distributed systems presents a great challenge in terms of defining and enforcing appropriate security policies. This is, among other things, due to the fact that the actual order between events in an asynchronous distributed environments is not always defined. In addition, security policies often depend on the actual information exchange among the distributed entities. In this paper we study the problem of adapting security policies to distributed environments such as grids and mobile code systems. We define global security policy and indicate some of the difficulties in translating local policies to the distributed environment. Then, we propose an efficient and scalable decentralized security mechanism for the enforcement of global stateful security policies in distributed computational systems. The mechanism is based on multiple instances of execution monitors (smart sandboxes) running on the distributed entities and on efficient security information sharing among them. We show that the subclasses of EM policies enforceable by this mechanism contain useful and real live security policies such as global information flow policies.