Label-Based Access Control Policy Enforcement and Management

To participate effectively in modern collaborations, member organizations must be able to share specific data and functionality with collaboration partners while ensuring their resources are safe from inappropriate access. This requires access control models, policies, and enforcement mechanisms for the shared resources. This paper specifically addresses how to reduce the information leaks caused by authorization policies used in collaborative computing environments. The basic principle is to define labels that specify information flow constraints and to assign them to authorization policy components. Any use of a labeled policy component must obey the information flow constraints defined by its label, so that authorization policy components are not misused. These labels can also improve authorization policy administration.
