Academic Journals Database
Disseminating quality controlled scientific knowledge

Designing, Capturing and Validating History-Sensitive Security Policies for Distributed Systems

Author(s): A.M. Hernandez | F. Nielson | H. Riis-Nielson

Journal: Scientific Annals of Computer Science
ISSN 1843-8121

Volume: 21
Issue: 1
Start page: 107
Date: 2011

We consider the use of Aspect-oriented techniques as a flexible way to deal with security policies in distributed systems. We follow the approach of attaching security policies to the relevant locations that must be governed by them, and then combining them at runtime according to the interactions that happen. Recent work suggests using Aspects in this way to analyse the future behaviour of programs and to make access control decisions based on this; this gives the flavour of dealing with information flow rather than mere access control. We show in this paper that it is beneficial to augment this approach with history-based components, as is traditional in reference-monitor-based approaches to mandatory access control. Our developments are performed in an Aspect-oriented coordination language, aiming to describe the Bell-LaPadula policy as elegantly as possible. Furthermore, the resulting language has the capability of combining both history-sensitive and future-sensitive policies, providing even more flexibility and power. Moreover, we propose a global Logic for reasoning about the systems designed with this language. We show how the Logic can be used to validate the combination of security policies in a distributed system, either with or without exploring the entire state space.
