Published: April 1, 2011
Citation: Journal of Systems Architecture vol. 57, no. 4, (April 2011) pp. 412-424
Author(s)
David Ferraiolo, V. Atluri, Serban Gavrila
The ability to control access to sensitive data in accordance with policy is perhaps the most fundamental security requirement. Despite over four decades of security research, the limited ability for existing access control mechanisms to generically enforce policy persists. While researchers, practitioners and policy makers have specified a large variety of access control policies to address real-world security issues, only a relatively small subset of these policies can be enforced through off-the-shelf technology, and even a smaller subset can be enforced by any one mechanism. In this paper, we propose an access control framework, referred to as the Policy Machine (PM) that fundamentally changes the way policy is expressed and enforced. Employing PM helps in building high assurance enforcement mechanisms in three respects. First, only a relatively small piece of the overall access control mechanism needs to be included in the host system (e.g., an operating system or application). This significantly reduces the amount of code that needs to be trusted. Second, it is possible to enforce the precise policies of resource owners, without compromise on enforcement or resorting to less effective administrative procedures. Third, the PM is capable of generically imposing confinement constraints that can be used to prevent leakage of information to unauthorized principals within the context of a variety of policies to include the commonly implemented Discretionary Access Control and Role Based Access Control models.
The ability to control access to sensitive data in accordance with policy is perhaps the most fundamental security requirement. Despite over four decades of security research, the limited ability for existing access control mechanisms to generically enforce policy persists. While researchers,...
See full abstract
The ability to control access to sensitive data in accordance with policy is perhaps the most fundamental security requirement. Despite over four decades of security research, the limited ability for existing access control mechanisms to generically enforce policy persists. While researchers, practitioners and policy makers have specified a large variety of access control policies to address real-world security issues, only a relatively small subset of these policies can be enforced through off-the-shelf technology, and even a smaller subset can be enforced by any one mechanism. In this paper, we propose an access control framework, referred to as the Policy Machine (PM) that fundamentally changes the way policy is expressed and enforced. Employing PM helps in building high assurance enforcement mechanisms in three respects. First, only a relatively small piece of the overall access control mechanism needs to be included in the host system (e.g., an operating system or application). This significantly reduces the amount of code that needs to be trusted. Second, it is possible to enforce the precise policies of resource owners, without compromise on enforcement or resorting to less effective administrative procedures. Third, the PM is capable of generically imposing confinement constraints that can be used to prevent leakage of information to unauthorized principals within the context of a variety of policies to include the commonly implemented Discretionary Access Control and Role Based Access Control models.
Hide full abstract
Keywords
security policy enforcement framework; Policy Machine; access control
Control Families
None selected