论文信息 - MANAGING SECURITY IN OBJECT-BASED DISTRIBUTED SYSTEMS USING PONDER

MANAGING SECURITY IN OBJECT-BASED DISTRIBUTED SYSTEMS USING PONDER

Security management involves specification and deployment of access control policies as well as activities such as registration of users or logging and auditing events for dealing with access to critical resources or security violations. The management actions to be performed when an event occurs depend on the enterprise policy. Reusable composite policy specifications are important to cater for the complexity of large enterprise information systems. Analysing policies for conflicts is essential for the safe operation of the system. This paper describes the Ponder language for specifying policies for security management of Distributed Systems. Ponder is declarative, stronglytyped and object-oriented which makes the language flexible, scalable and adaptable to a wide range of security requirements.

Morris Sloman | Naranker Dulay | Emil Lupu | Nicodemos Damianou

[1] Sushil Jajodia,et al. A logical language for expressing authorizations , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[2] Damian A. Marriott. Policy Service for Distributed Systems , 1997 .

[3] Fang Chen,et al. Constraints for role-based access control , 1996, RBAC '95.

[4] Emil C. Lupu,et al. Ponder: A Language for Specifying Security and Management Policies for Distributed Systems , 2000 .

[5] Emil C. Lupu,et al. Reconciling role based management and role based access control , 1997, RBAC '97.

[6] M. Sloman,et al. Domains: a framework for structuring management policy , 1994 .

[7] David D. Clark,et al. A Comparison of Commercial and Military Computer Security Policies , 1987, 1987 IEEE Symposium on Security and Privacy.

[8] Karl N. Levitt,et al. Security Policy Specification Using a Graphical Approach , 1998, ArXiv.

[9] Ravi S. Sandhu,et al. Role-Based Access Control Models , 1996, Computer.

[10] Rodolphe Ortalo,et al. A Flexible Method for Information System Security Policy Specification , 1998, ESORICS.

[11] P. Samarati,et al. Access control: principle and practice , 1994, IEEE Communications Magazine.