A User Friendly Guard with Mobile Post-Release Access Control Policy
暂无分享,去创建一个
Information security guards perform an important function in multilevel security (MLS) environments. To perform their functions correctly, guards must contain data release and sanitization rules that accurately reflect the reclassification or declassification requirements to move data across information security boundaries. The current guards, however, require considerable technical skill to express release and sanitization rules, which data producers typically do not possess. Another limitation of the current guards is that once the data passes through a guard, all access control requirements to that data is lost. In this paper, we propose a high-level language to express release and sanitization rules, as well as post-release access control rules. We also describe a prototype that demonstrates the applicability of our approach.
[1] Sushil Jajodia,et al. Propagating Modifications to Mobile Policies , 2002, SEC.
[2] Sushil Jajodia,et al. Obligation monitoring in policy management , 2002, Proceedings Third International Workshop on Policies for Distributed Systems and Networks.
[3] Sushil Jajodia,et al. Distributed Policies for Data Management - Making Policies Mobile , 2000, DBSec.
[4] Sushil Jajodia,et al. Provisions and Obligations in Policy Rule Management , 2003, Journal of Network and Systems Management.