Sciweavers

IJNSEC
2007

Virtual Private Services: Coordinated Policy Enforcement for Distributed Applications

13 years 11 months ago
Virtual Private Services: Coordinated Policy Enforcement for Distributed Applications
Large scale distributed applications combine network access with multiple storage and computational elements. The distributed responsibility for resource control creates new security issues, caused by the complexity of the operating environment. In particular, policies at multiple layers and locations force conventional mechanisms such as firewalls and compartmented file storage into roles where they are clumsy and failure-prone. Our approach relies on two functional divisions. First, we split policy specification and policy enforcement, providing local autonomy within the constraints of the global security policy. Second, we create virtual security domains each with its own security policy. Every domain has an associated set of privileges and permissions restricting it to the resources it needs to use and the services it must perform. Virtual private services ensure security and privacy policies are adhered to through coordinated policy enforcement points.
Sotiris Ioannidis, Steven M. Bellovin, John Ioanni
Added 15 Dec 2010
Updated 15 Dec 2010
Type Journal
Year 2007
Where IJNSEC
Authors Sotiris Ioannidis, Steven M. Bellovin, John Ioannidis, Angelos D. Keromytis, Kostas G. Anagnostakis, Jonathan M. Smith
Comments (0)