Sciweavers

ECOOPW
1999
Springer

Providing Policy-Neutral and Transparent Access Control in Extensible Systems

14 years 3 months ago
Providing Policy-Neutral and Transparent Access Control in Extensible Systems
Extensible systems, such as Java or the SPIN extensible operating system, allow for units of code, or extensions, to be added to a running system in almost arbitrary fashion. Extensions closely interact through low-latency, but type-safe interfaces to form a tightly integrated system. As extensions can come from arbitrary sources, not all of whom can be trusted to conform to an organization's security policy, such structuring raises the question of how security constraints are enforced in an extensible system. In this paper, we present an access control mechanism for extensible systems to address this problem. Our accesscontrol mechanism decomposes access control into a policy-neutral enforcement manager and a security policy manager, and it is transparent to extensions in the absence of security violations. It structures the system into protection domains, enforces protection domains through access control checks, and performs auditing of system operations. It works by inspectin...
Robert Grimm, Brian N. Bershad
Added 04 Aug 2010
Updated 04 Aug 2010
Type Conference
Year 1999
Where ECOOPW
Authors Robert Grimm, Brian N. Bershad
Comments (0)