Access control in configurable systems

Research output: Chapter in Book/Report/Conference proceedingConference contribution

6 Scopus citations

Abstract

In a configurable system, operating systems and applications are composed dynamically from executable modules. Since dyneimically downloaded modules may not be entirely trusted, the system must be able to restrict their access rights. Current systems assign permissions to modules based on their executor, provider, and/or name. Since such modules may serve specific purposes in programs (i.e., services or applications), it should be possible to restrict their access rights based on the program for which they are used and the current state of that program. In this paper, we examine the access control infrastructure required to support the composition of systems and applications from modules. Access control infrastructure consists primarily of two functions: access control policy specification and enforcement of that policy. We survey representations for access control policy specification and mechanisms for access control policy enforcement to show the flexibility they provide and their limits. We then show how the Lava Security Architecture is designed to support flexible policy specification and enforcement.

Original languageEnglish (US)
Title of host publicationSecure Internet Programming - Security Issues for Mobile and Distributed Objects
EditorsChristian D. Jensen, Jan Vitek
PublisherSpringer Verlag
Pages289-316
Number of pages28
ISBN (Print)9783540661306
Publication statusPublished - Jan 1 1999
EventEuropean Workshop on Distributed Object Security, EWDOS 1998 and Workshop on Mobile Object Systems: Secure Internet Mobile Computations, MOS 1998 held in conjunction with European Conference on Object-Oriented Programming, ECOOP 1998 - Brussels, Belgium
Duration: Jul 21 1998Jul 21 1998

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume1603
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

OtherEuropean Workshop on Distributed Object Security, EWDOS 1998 and Workshop on Mobile Object Systems: Secure Internet Mobile Computations, MOS 1998 held in conjunction with European Conference on Object-Oriented Programming, ECOOP 1998
CountryBelgium
CityBrussels
Period7/21/987/21/98

    Fingerprint

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Jaeger, T. (1999). Access control in configurable systems. In C. D. Jensen, & J. Vitek (Eds.), Secure Internet Programming - Security Issues for Mobile and Distributed Objects (pp. 289-316). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 1603). Springer Verlag.