Developing and using a “policy neutral” access control policy

The foundation for security enforcement is access control. Resources must be protected against access by unauthorized entities. Furthermore, authorized entities must be prevented from accessing resources in inappropriate ways. A major challenge to the developer of an access control policy is to provide users the flexibility to protect their resources as they see fit; system policies that are inconsistent with user needs are inadequate. In particular, systems that enforce a single, hard-coded policy cannot satisfy the needs of all users. As part of the Distributed Trusted Operating System (DTOS) program, we have developed and implemented a flexible security architecture using the Mach microkernel. In this architecture, the security rules enforced by the system are defined by a system component outside the microkernel. This reduces the problem of supporting other security policies to redefining this system component; the same microkernel can be used to support a wide range of policies. Formal methods were used to provide a rigorous approach for the development of the policy. Recognizing that most people are uninterested in reading security requirements stated in formal specification languages, an approach was developed for representing and maintaining the policy in a tabular format. This paper describes the flexibility of the DTOS security architecture and the approach used in developing the access control policy for this flexible architecture. It also gives examples of how to define a component that makes security decisions for the microkernel.
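The separation the abstract describes, with enforcement inside the microkernel and policy decisions made by a component outside it, can be illustrated with a small model. The following is an added example written for this page, not DTOS code: the `SecurityServer`, `Microkernel`, label names, operation names and the two policy tables are all constructed for illustration. The kernel hard-codes no rules; it binds labels to tasks and objects and asks the decision component before every operation, so swapping in a differently shaped policy table (an MLS-style ordering versus explicit domain/type rows) changes the answers without touching kernel code. The `render_table` method shows the tabular representation of the policy that the abstract mentions.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple

# Constructed policy table type: (subject label, object label) -> permitted ops.
# Any pair absent from the table is denied (default deny).
PolicyTable = Dict[Tuple[str, str], FrozenSet[str]]


class SecurityServer:
    """Decision component living outside the kernel (hypothetical name).
    It reasons only about labels and operation names; it never sees
    tasks, ports or memory."""

    def __init__(self, name: str, table: PolicyTable):
        self.name = name
        self.table = table

    def decide(self, subject_label: str, object_label: str, op: str) -> bool:
        return op in self.table.get((subject_label, object_label), frozenset())

    def render_table(self) -> List[str]:
        """Tabular view of the policy, one row per (subject, object) pair."""
        rows = ["subject      object       permitted ops"]
        for (s, o), ops in sorted(self.table.items()):
            rows.append(f"{s:<12} {o:<12} {', '.join(sorted(ops)) or '-'}")
        return rows


@dataclass
class Microkernel:
    """Enforcement component (hypothetical model). It holds labels on kernel
    objects and consults the security server; it hard-codes no policy rule."""
    server: SecurityServer
    task_labels: Dict[str, str] = field(default_factory=dict)
    object_labels: Dict[str, str] = field(default_factory=dict)
    audit: List[str] = field(default_factory=list)

    def request(self, task: str, obj: str, op: str) -> bool:
        sl = self.task_labels[task]
        ol = self.object_labels[obj]
        allowed = self.server.decide(sl, ol, op)
        self.audit.append(f"{self.server.name}: {task}({sl}) {op} {obj}({ol}) -> "
                          f"{'ALLOW' if allowed else 'DENY'}")
        return allowed


def mls_table(levels: List[str]) -> PolicyTable:
    """Build a no-read-up / no-write-down table from an ordered list of
    levels, lowest first. Constructed policy for the example."""
    rank = {lvl: i for i, lvl in enumerate(levels)}
    table: PolicyTable = {}
    for s in levels:
        for o in levels:
            ops = set()
            if rank[o] <= rank[s]:   # subject dominates object: may read
                ops.add("read")
            if rank[o] >= rank[s]:   # object dominates subject: may write
                ops.add("write")
            table[(s, o)] = frozenset(ops)
    return table


def type_enforcement_table() -> PolicyTable:
    """A differently shaped policy for the same kernel: explicit domain/type
    rows with no ordering among labels. Constructed for the example."""
    return {
        ("editor_d", "doc_t"): frozenset({"read", "write"}),
        ("viewer_d", "doc_t"): frozenset({"read"}),
        ("editor_d", "log_t"): frozenset({"write"}),
    }


def demo() -> Dict[str, bool]:
    """Run the same kernel under two policies and collect the decisions."""
    kernel = Microkernel(SecurityServer("mls", mls_table(["unclass", "secret"])))
    kernel.task_labels = {"t1": "unclass", "t2": "secret"}
    kernel.object_labels = {"o_secret": "secret", "o_unclass": "unclass"}
    results = {
        "mls_read_up": kernel.request("t1", "o_secret", "read"),
        "mls_write_up": kernel.request("t1", "o_secret", "write"),
        "mls_read_down": kernel.request("t2", "o_unclass", "read"),
        "mls_write_down": kernel.request("t2", "o_unclass", "write"),
    }
    # Replace the decision component; the kernel's enforcement code is unchanged.
    kernel.server = SecurityServer("te", type_enforcement_table())
    kernel.task_labels = {"t1": "viewer_d", "t2": "editor_d"}
    kernel.object_labels = {"doc": "doc_t", "log": "log_t"}
    results.update({
        "te_viewer_write": kernel.request("t1", "doc", "write"),
        "te_editor_write": kernel.request("t2", "doc", "write"),
        "te_viewer_log_read": kernel.request("t1", "log", "read"),  # no row: denied
    })
    return results


if __name__ == "__main__":
    print("\n".join(SecurityServer("mls", mls_table(["unclass", "secret"])).render_table()))
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point of the model is the interface: the kernel only ever calls `decide(subject_label, object_label, op)`, so a new policy is a new table (or a new table generator) handed to a new `SecurityServer`, and the audit trail records which decision component answered each request.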
