论文信息 - A Proposed Mechanism for Implementation of Non-Discretionary Access Controls in a Network Environment

A Proposed Mechanism for Implementation of Non-Discretionary Access Controls in a Network Environment

Abstract This paper investigates moving Lampson's reference monitor abstraction from the single system environment to a range of networked distributed systems which include interconnected office information systems. It suggests modifying our implementation of the abstraction from the traditional security kernel to a dual approach using a basic, node level reference monitor and a system level reference monitor that we choose to call a sentinel. An argument is presented that the sentinel meets the requirements of a reference monitor in that it provides separation, mediation, and can be formally verified. The approach to installing a sentinel is viewed as top down with great emphasis on the security mode implemented at each participating node.

Rayford B. Vaughn | Hossein Saiedian | Elizabeth A. Unger

[1] James P. Anderson. A Unification of Computer and Network Security Concepts , 1985, 1985 IEEE Symposium on Security and Privacy.

[2] Rayford B. Vaughn,et al. A survey of security issues in office computation and the application of secure computing models to office systems , 1993, Comput. Secur..

[3] Selim G. Aki. Digital signatures: A tutorial survey , 1983, Computer.

[4] Jr. Rayford B. Vaughn. A security architecture for office automation systems , 1988 .

[5] Carole S. Jordan. A Guide to Understanding Discretionary Access Control in Trusted Systems , 1987 .

[6] Stephen T. Walker. Network Security Overview , 1985, 1985 IEEE Symposium on Security and Privacy.

[7] Dan M. Nessett. Factors Affecting Distributed System Security , 1986, 1986 IEEE Symposium on Security and Privacy.

[8] Morrie Gasser,et al. Security Kernel Design and Implementation: An Introduction , 1983, Computer.

[9] Deborah Estrin. Non-Discretionary Controls for Inter-Organization Networks , 1985, 1985 IEEE Symposium on Security and Privacy.

[10] Joyce K. Reynolds,et al. The Helminthiasis of the Internet , 1989, Comput. Networks ISDN Syst..

[11] Carl E. Landwehr,et al. Formal Models for Computer Security , 1981, CSUR.

[12] Deborah Estrin. Controls for Interorganization Networks , 1987, IEEE Transactions on Software Engineering.

[13] Philippe A. Janson,et al. Security in Open Networks and Distributed Systems , 1991, Comput. Networks ISDN Syst..