A unified security framework for networked applications

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

A unified security framework for networked applications

Full text

Pdf (797 KB)

Source

Symposium on Applied Computing archive
Proceedings of the 2003 ACM symposium on Applied computing table of contents

Melbourne, Florida

SESSION: Computer security table of contents

Pages: 351 - 357

Year of Publication: 2003

ISBN:1-58113-624-2

Authors

Joerg Abendroth	Trinity College, Dublin
Christian D. Jensen	Technical University of Denmark

Sponsor

SIGAPP: ACM Special Interest Group on Applied Computing

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 6, Downloads (12 Months): 29, Citation Count: 1

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/952532.952602 What is a DOI?

ABSTRACT

Various security models have been proposed for different types of applications and numerous types of execution environments. These models are typically reinforced by adding code to the application, which authenticates principals, authorises operations and establishes secure communication among distributed software components (e.g., clients and servers). This code is often application and context-specific, which makes it difficult to integrate an application with other each other.In this paper we propose a new unified access control mechanism that supports most of the existing security models and offers a number of additional controls that are not normally provided by security mechanisms. Moreover, the proposed mechanism integrates well with existing programming paradigms for distributed application, e.g., client/server technology and component based programming. This means that it can be seamlessly integrated with most existing distributed applications. We have implemented the proposed mechanism in a framework, that can be instantiated to implement different security models and policies. We present a qualitative evaluation that demonstrates the framework's ability to support a wide range of security policies and a preliminary performance evaluation of the framework.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	D. Bell and L. LaPadula. Secure computer systems: Mathematical foundations and model. Report MTR 2547 v2, MITRE, November 1973.
	2	M. Burnside , D. Clarke , T. Mills , A. Maywah , S. Devadas , R. Rivest, Proxy-based security protocols in networked mobile devices, Proceedings of the 2002 ACM symposium on Applied computing, March 11-14, 2002, Madrid, Spain [doi>10.1145/508791.508845]
	3	D. Clark and D. Wilson. A comparison of commercial and military computer security policies. In IEEE Symposium on Security and Privacy, pages 184--194, 1987.
	4	C. O'Halloran. A calculus of information flow. In ESORICS 90, pages 147--159, 1990.
	5	J. Daemen and V. Rijmen. Aes proposal: Rijndael, 1998.
	6	Dorothy E. Denning, A lattice model of secure information flow, Communications of the ACM, v.19 n.5, p.236-243, May 1976 [doi>10.1145/360051.360056]
	7	R. S. Fabry, Capability-based addressing, Communications of the ACM, v.17 n.7, p.403-412, July 1974 [doi>10.1145/361011.361070]
	8	L. Gong. A secure identity-based capability system. In Proceedings of the IEEE Symposium on Security and Privacy, pages 56--63, 1989.
	9	J. Mossiere , F. Saunier, Hidden software capabilities, Proceedings of the 16th International Conference on Distributed Computing Systems (ICDCS '96), p.282, May 27-30, 1996
	10	Michael A. Harrison , Walter L. Ruzzo , Jeffrey D. Ullman, Protection in operating systems, Communications of the ACM, v.19 n.8, p.461-471, Aug. 1976 [doi>10.1145/360303.360333]
	11	Sushil Jajodia , Pierangela Samarati , V. S. Subrahmanian , Eliza Bertino, A unified framework for enforcing multiple access control policies, Proceedings of the 1997 ACM SIGMOD international conference on Management of data, p.474-485, May 11-15, 1997, Tucson, Arizona, United States
	12	C. Jensen , D. Hagimont, Protection Reconfiguration for Reusable Software, Proceedings of the 2nd Euromicro Conference on Software Maintenance and Reengineering ( CSMR'98), p.74, March 08-11, 1998
	13	P. A. Karger and A. J. Herbert. An augmented capability architecture to support lattice security and traceability of access. In IEEE Symposium on Security and Privacy, pages 2--12, 1984.
	14	J. Kohl and C. Neuman. The kerberos network authentication service (v5). RFC 1510, Digital Equipment Corporation/ISI, September 1993.
	15	Henry M. Levy, Capability-Based Computer Systems, Butterworth-Heinemann, Newton, MA, 1984
	16	D. A. Marriott, M. S. Sloman, and N. Yialelis. Management policy service for distributed systems. Technical Report DoC 95/10, Imperial College, London, 1995.
	17	D. B. Marvin M. Theimer, David A. Nichols. Delegation through access control programs. In 12th International Conference on Distributed Computing Systems, pages 529--536, 1992.
	18	S. Microsystems. Jini#8482; architecture specification, version 1.2, December 2001.
	19	B. C. Neumann. Proxy-based authorisation and accounting for distributed systems. In Proceedings of the 13th International Conference on Distributed Computing Systems, pages 283--291, May 1993.
	20	T. S. S. of ITU. Information Technology -- Opens Systems Interconnection -- The Directory: Authentication Framework X.509. International Telecomunication Union, 1993. Standard international ISO/IEC 9594-8: 1995 (E).
	21	P Y A Ryan , S A Schneider, Process Algebra and Non-interference, Proceedings of the 1999 IEEE Computer Security Foundations Workshop, p.214, June 28-30, 1999
	22	Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996 [doi>10.1109/2.485845]
	23	Bruce Schneier, Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish), Fast Software Encryption, Cambridge Security Workshop, p.191-204, December 09-11, 1993
	24	M. Shapiro. Structure and encapsulation in distributed systems: The proxy principle. In Proceedings of the 6th International Conference on Distributed Computer Systems, pages 198--204, 1986.
	25	B. C. N. J. G. Steiner and J. I. Schiller. Kerberos: An authentication service for open network systems. In Winter 1988 USENIX Conference, pages 191--201, Dallas, TX, 1988.
	26	I. Technologies. The iona iportal application server. Technical report, IONA Technologies, 1999.
	27	M. Thompson, S. M. W Johnston, G. Hoo, K. Jackson, and A. Essiari. Certificate-based access control for widely distributed resources. In Proceedings of the Eighth USENIX Security Symposium, pages 215--228, 1999.
	28	W. L. Tin Qian. Active capability: An application specific security and protection model. Technical report, University of Illinois at Urbana-Champaign, 1996.
	29	T. D. Tock. An extensible framework for authentication and delegation. Master's thesis, University of Illinois at Urbana-Champaign, 1994.
	30	Hinkmond Wong, Developing Jini applications using J2ME technology, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 2002
	31	Nicholas Yialelis , Morris Sloman, A Security Framework Supporting Domain Based Access Control in Distributed Systems, Proceedings of the 1996 Symposium on Network and Distributed System Security (SNDSS '96), p.26, February 22-23, 1996

CITED BY

Joerg Abendroth , Christian D. Jensen, Partial outsourcing: a new paradigm for access control, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy

INDEX TERMS

Keywords:
access control, active software capabilities, policy models

Collaborative Colleagues:

Joerg Abendroth: colleagues

Christian D. Jensen: colleagues

Adobe Acrobat

QuickTime

Windows Media Player

Real Player