Providing Policy-Neutral and Transparent Access Control in Extensible Systems
- 1 January 1999
- book chapter
- Published by Springer Science and Business Media LLC
- p. 317-338
- https://doi.org/10.1007/3-540-48749-2_15
Abstract
Extensible systems, such as Java or the SPIN extensible operating system, allow for units of code, or extensions, to be added to a running system in almost arbitrary fashion. Extensions closely interact through low-latency, but type-safe interfaces to form a tightly integrated system. As extensions can come from arbitrary sources, not all of whom can be trusted to conform to an organization’s security policy, such structuring raises the question of how security constraints are enforced in an extensible system. In this paper, we present an access control mechanism for extensible systems to address this problem. Our access control mechanism decomposes access control into a policy-neutral enforcement manager and a security policy manager, and it is transparent to extensions in the absence of security violations. It structures the system into protection domains, enforces protection domains through access control checks, and performs auditing of system operations. The access control mechanism works by inspecting extensions for their types and operations to determine which abstractions require protection, and by redirecting procedure or method invocations to inject access control operations into the system. We describe the design of this access control mechanism, present an implementation within the SPIN extensible operating system, and provide a qualitative as well as quantitative evaluation of the mechanism.Keywords
This publication has 27 references indexed in Scilit:
- The Chinese Wall security policyPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2003
- Java security: from HotJava to Netscape and beyondPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2002
- Practical Domain and Type Enforcement for UNIXPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2002
- A protection scheme for mobile agents on JavaPublished by Association for Computing Machinery (ACM) ,1997
- Java security: present and near futureIEEE Micro, 1997
- Extensibility safety and performance in the SPIN operating systemPublished by Association for Computing Machinery (ACM) ,1995
- Authentication in distributed systemsACM Transactions on Computer Systems, 1992
- A Comparison of Commercial and Military Computer Security PoliciesPublished by Institute of Electrical and Electronics Engineers (IEEE) ,1987
- A lattice model of secure information flowCommunications of the ACM, 1976
- ProtectionACM SIGOPS Operating Systems Review, 1974