In large-scale collaborative systems based on the Internet, autonomous domains always share some resources with each other. The access control mechanism for shared resources therefore needs to support multiple security policies, including the security policy of the domain it belongs to and various policies for requests from different cooperative domains. Because the security policy is traditionally hard-coded into the access control mechanism, the mechanism can support only one kind of access control policy. This paper provides a method to build a flexible security mechanism that separates the access control policy from the access control decision function by using the concept of meta-policy. The flexible security mechanism can support multiple security policies dynamically. The method has been implemented and verified in a CORBA-based system.