A role-based access control model for protection domain derivation and management

We present a role-based access control (RBAC) model for deriving and managing protection domains of dynamically obtained, remote programs, such as downloaded executable content. These are programs that are obtained from remote sources (e.g., via the web) and executed upon receipt. The protection domains of these programs must be limited to prevent content providers from gaining unauthorized access to the downloading principal's resources. However, it can be difficult to determine the proper, limited protection domain for a program when downloading principals need to share some of their resources with it. Current systems usually rely on one of a number of possible principals to specify the content protection domains, but the exclusion of input from the other principals limits the flexibility with which protection domains can be derived and managed. In this paper, we describe an RBAC model for deriving protection domains and managing their evolution throughout the execution of the content. This model accounts for the variety of principals that may be involved in domain derivation and for how their input is managed. We demonstrate the use of this model to specify a variety of protection domain derivation and management policies.
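The following is an added illustration, not the paper's own model or code: it sketches how a protection domain for downloaded content can be derived from the input of several principals (an administrator's role definitions, the downloading user's grants, and the provider's requests) and then only narrowed as execution proceeds. The principal names, role names and permission tuples are constructed assumptions for this example.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set, Tuple

# A permission is an (operation, resource) pair; all values below are constructed.
Perm = Tuple[str, str]

@dataclass
class Domain:
    """A protection domain plus the record of how it evolved."""
    perms: FrozenSet[Perm]
    history: List[FrozenSet[Perm]] = field(default_factory=list)

    def allows(self, op: str, resource: str) -> bool:
        return (op, resource) in self.perms

    def narrow(self, keep: Set[Perm]) -> "Domain":
        # Evolution during execution: the domain may only shrink, so a later
        # event (e.g. the content entering a new phase) can never add access.
        return Domain(self.perms & frozenset(keep), self.history + [self.perms])

def derive_domain(admin_roles: Dict[str, Set[Perm]], user_grants: Set[Perm],
                  content_role: str, content_requests: Set[Perm]) -> Domain:
    """Intersect the input of three principals (assumed policy, not the paper's):
    admin_roles      role -> permissions the administrator allows for that role
    user_grants      resources the downloading user is willing to share
    content_role     role assigned to the content (e.g. "viewer")
    content_requests permissions the content provider asks for
    A permission survives only if every principal approves it (least privilege)."""
    allowed_by_role = frozenset(admin_roles.get(content_role, set()))
    return Domain(allowed_by_role & frozenset(user_grants) & frozenset(content_requests))

# Constructed sample policy inputs.
ADMIN_ROLES: Dict[str, Set[Perm]] = {
    "viewer": {("read", "/home/alice/docs"), ("read", "/tmp")},
    "editor": {("read", "/home/alice/docs"), ("write", "/home/alice/docs"), ("read", "/tmp")},
}
USER_GRANTS: Set[Perm] = {("read", "/home/alice/docs"), ("write", "/home/alice/docs")}
CONTENT_REQUESTS: Set[Perm] = {("read", "/home/alice/docs"), ("write", "/home/alice/docs"),
                               ("read", "/etc/passwd")}

if __name__ == "__main__":
    d = derive_domain(ADMIN_ROLES, USER_GRANTS, "viewer", CONTENT_REQUESTS)
    print(sorted(d.perms))  # the /etc/passwd request is dropped: no principal granted it
```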
