Security policy coordination for heterogeneous information systems

Coordinating security policies across information enclaves is difficult because the enclaves are heterogeneous and autonomous: before secure interoperation can be negotiated, administrators must reconcile the semantic differences between the enclaves' data models and their security models. This paper proposes an architecture that uses mediators and a primitive ticket-based authorization model to manage the disparate policies of cooperating enclaves. The architecture's formal foundation supports both static analysis of the consistency of the global policy and dynamic analysis of its enforcement.
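The following is an added illustration of the two analyses the abstract names, not the paper's own architecture or code: a mediator that holds a negotiated global policy over two enclaves with different local models (a role-based one and a multilevel read-down one), a static check that flags global rights no local policy would honour, and a dynamic path in which the mediator issues an HMAC-protected ticket only when both the global and the local policy agree, while the receiving enclave still verifies and re-evaluates the request itself. The enclave names, sample policies, identity map, ticket fields and the pre-shared mediator key are all assumptions made for this example.

```python
"""Mediator-issued tickets over two enclaves with different access-control models.
Added illustration, not the paper's architecture: names, policies and the ticket
format are assumptions made for this example."""
import hmac
import hashlib
import json
import time

# Constructed sample policies.
# Enclave A is role-based: role -> {object: {actions}}.
RBAC_A = {
    "analyst": {"sales.db": {"read"}},
    "admin":   {"sales.db": {"read", "write"}},
}
# Enclave B is multilevel (read-down): the subject's clearance must dominate
# the object's classification.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}
LABELS_B = {"intel.doc": "secret", "memo.txt": "confidential"}

# The mediator's view: global principal -> local identity in each enclave,
# plus the global policy the administrators negotiated.
IDENTITY_MAP = {
    "alice": {"A": "analyst", "B": "confidential"},
    "bob":   {"A": "admin",   "B": "secret"},
}
GLOBAL_POLICY = {  # (principal, enclave, object, action)
    ("alice", "A", "sales.db", "read"),
    ("alice", "B", "memo.txt", "read"),
    ("alice", "B", "intel.doc", "read"),   # conflicts with B's read-down rule
    ("bob", "A", "sales.db", "write"),
}

def local_permits(enclave, local_id, obj, action):
    """Evaluate the enclave's own model; the mediator never overrides this."""
    if enclave == "A":
        return action in RBAC_A.get(local_id, {}).get(obj, set())
    if enclave == "B":
        if action != "read" or obj not in LABELS_B or local_id not in LEVELS:
            return False
        return LEVELS[local_id] >= LEVELS[LABELS_B[obj]]
    return False

def check_global_consistency(global_policy=GLOBAL_POLICY):
    """Static analysis: every negotiated global right must be honoured locally.
    Returns the global entries that the mapped local policy would deny."""
    conflicts = []
    for principal, enclave, obj, action in sorted(global_policy):
        local_id = IDENTITY_MAP[principal][enclave]
        if not local_permits(enclave, local_id, obj, action):
            conflicts.append((principal, enclave, obj, action))
    return conflicts

MEDIATOR_KEY = b"demo-key-shared-with-enclaves"  # assumption: pre-shared with each enclave
TTL = 300  # ticket lifetime in seconds

def _tag(body, key):
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def issue_ticket(principal, enclave, obj, action, now=None, key=MEDIATOR_KEY):
    """Dynamic check: issue a ticket only if global and local policy both agree."""
    now = time.time() if now is None else now
    if (principal, enclave, obj, action) not in GLOBAL_POLICY:
        return None
    local_id = IDENTITY_MAP[principal][enclave]
    if not local_permits(enclave, local_id, obj, action):
        return None
    body = {"sub": local_id, "enc": enclave, "obj": obj, "act": action,
            "exp": int(now) + TTL}
    return {"body": body, "tag": _tag(body, key)}

def enclave_accepts(ticket, enclave, now=None, key=MEDIATOR_KEY):
    """Enclave-side enforcement: verify the MAC, scope and expiry, then
    re-evaluate the request against the local policy (defence in depth)."""
    if ticket is None:
        return False
    now = time.time() if now is None else now
    body = ticket["body"]
    if not hmac.compare_digest(_tag(body, key), ticket["tag"]):
        return False
    if body["enc"] != enclave or body["exp"] < now:
        return False
    return local_permits(enclave, body["sub"], body["obj"], body["act"])

if __name__ == "__main__":
    print("static conflicts:", check_global_consistency())
    t = issue_ticket("alice", "A", "sales.db", "read")
    print("alice read sales.db in A:", enclave_accepts(t, "A"))
    print("alice read intel.doc in B:", issue_ticket("alice", "B", "intel.doc", "read"))
```

The static pass reports the one negotiated right that enclave B's read-down rule cannot honour, which is the kind of inconsistency an administrator would resolve before interoperation begins; at run time the same disagreement simply yields no ticket. The enclave re-checks its own policy even for a ticket with a valid MAC, so a compromised or mis-configured mediator cannot grant more than the local policy allows.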
