A decentralized treatment of a highly distributed Chinese-Wall policy

Access control (AC) technology has come a long way from its roots as the means for sharing resources between processes running on a single machine, to a mechanism for regulating the interaction among agents (software components and people) distributed throughout the Internet. But despite the distributed nature of the systems being regulated, the conventional enforcement mechanism for AC policies remains basically centralized: a single (although possibly replicated) reference monitor (RM) is used to mediate the interaction between members of a given community of agents, according to a given policy. This paper demonstrates one of the main drawbacks of centralized AC mechanisms when applied to distributed systems, and shows the absence of this drawback under the inherently decentralized law-governed interaction (LGI) mechanism.
