
Access Control in Configurable Systems

  • Chapter

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1603))

Abstract

In a configurable system, operating systems and applications are composed dynamically from executable modules. Since dynamically downloaded modules may not be entirely trusted, the system must be able to restrict their access rights. Current systems assign permissions to modules based on their executor, provider, and/or name. Since such modules may serve specific purposes in programs (i.e., services or applications), it should be possible to restrict their access rights based on the program for which they are used and the current state of that program. In this paper, we examine the access control infrastructure required to support the composition of systems and applications from modules. Access control infrastructure consists primarily of two functions: access control policy specification and enforcement of that policy. We survey representations for access control policy specification and mechanisms for access control policy enforcement to show the flexibility they provide and their limits. We then show how the Lava Security Architecture is designed to support flexible policy specification and enforcement.
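The distinction the abstract draws, between rights keyed to a module's executor, provider or name and rights keyed to the program a module serves and that program's current state, worked through as an added illustrative example written for this page. It is not code from the Lava Security Architecture or from the chapter: the policy tables, the mailer program with its compose/send states, the vendor-x decoder module, the principal alice and the objects under /tmp and smtp:// are all constructed for the demonstration. The monitor grants an operation only when both policy layers permit it, mediates state transitions, and fails closed for a program it has not been told about.

```python
# Added, illustrative example (not Lava and not the chapter's own code): an access
# control policy with two layers, module rights keyed by executor/provider/name
# (what the abstract calls current practice) and rights keyed by the program the
# module serves and that program's current state. The monitor grants an operation
# only if both layers allow it and fails closed for unknown programs/states.
# All principals, programs, states and objects below are constructed for the demo.
import fnmatch
from dataclasses import dataclass


@dataclass(frozen=True)
class Perm:
    op: str        # operation, e.g. "read", "write", "send"
    target: str    # glob over the object name, e.g. "/tmp/*" or "smtp://*"

    def covers(self, op: str, obj: str) -> bool:
        return self.op == op and fnmatch.fnmatchcase(obj, self.target)


def _covers(perms, op, obj):
    return any(p.covers(op, obj) for p in perms)


class Policy:
    """Policy specification: two independent rule tables plus a state machine per program."""

    def __init__(self):
        self.module_perms = {}   # (executor, provider, name) -> frozenset of Perm
        self.state_perms = {}    # (program, state) -> frozenset of Perm
        self.transitions = {}    # (program, state) -> frozenset of allowed next states

    def grant_module(self, executor, provider, name, perms):
        self.module_perms[(executor, provider, name)] = frozenset(perms)

    def grant_state(self, program, state, perms):
        self.state_perms[(program, state)] = frozenset(perms)

    def allow_transition(self, program, src, dst):
        key = (program, src)
        self.transitions[key] = self.transitions.get(key, frozenset()) | {dst}


class Monitor:
    """Policy enforcement: mediates every operation and every program state change."""

    def __init__(self, policy: Policy):
        self.policy = policy
        self.state = {}   # program -> current state; absent means never started
        self.log = []     # (decision, executor, provider, name, program, op, obj)

    def start(self, program, initial_state):
        self.state[program] = initial_state

    def transition(self, program, new_state) -> bool:
        cur = self.state.get(program)
        if new_state not in self.policy.transitions.get((program, cur), frozenset()):
            return False
        self.state[program] = new_state
        return True

    def module_only(self, executor, provider, name, op, obj) -> bool:
        """What an executor/provider/name-only policy would decide (for contrast)."""
        return _covers(self.policy.module_perms.get((executor, provider, name), ()), op, obj)

    def check(self, executor, provider, name, program, op, obj) -> bool:
        cur = self.state.get(program)   # None if the program was never started: deny
        state_ok = cur is not None and _covers(
            self.policy.state_perms.get((program, cur), ()), op, obj)
        ok = state_ok and self.module_only(executor, provider, name, op, obj)
        self.log.append(("allow" if ok else "deny", executor, provider, name, program, op, obj))
        return ok


def demo():
    """A vendor-supplied decoder module used inside a hypothetical mail program."""
    pol = Policy()
    # Conventional layer: rights the module holds by virtue of who runs and supplies it.
    pol.grant_module("alice", "vendor-x", "decoder",
                     {Perm("read", "/tmp/*"), Perm("write", "/tmp/*"), Perm("send", "smtp://*")})
    # Contextual layer: what the mailer program permits in each of its states.
    pol.grant_state("mailer", "compose", {Perm("read", "/tmp/*"), Perm("write", "/tmp/*")})
    pol.grant_state("mailer", "send", {Perm("read", "/tmp/*"), Perm("send", "smtp://*")})
    pol.allow_transition("mailer", "compose", "send")   # one way; no return to compose

    mon = Monitor(pol)
    mon.start("mailer", "compose")
    mod = ("alice", "vendor-x", "decoder")
    r = {}
    r["write_in_compose"] = mon.check(*mod, "mailer", "write", "/tmp/draft")
    r["send_in_compose"] = mon.check(*mod, "mailer", "send", "smtp://mx.example")
    r["send_module_only"] = mon.module_only(*mod, "send", "smtp://mx.example")
    r["to_send"] = mon.transition("mailer", "send")
    r["send_in_send"] = mon.check(*mod, "mailer", "send", "smtp://mx.example")
    r["write_in_send"] = mon.check(*mod, "mailer", "write", "/tmp/draft")
    r["read_passwd"] = mon.check(*mod, "mailer", "read", "/etc/passwd")
    r["back_to_compose"] = mon.transition("mailer", "compose")
    r["unknown_program"] = mon.check(*mod, "viewer", "read", "/tmp/draft")
    r["denials"] = sum(1 for e in mon.log if e[0] == "deny")
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Running the file prints each decision. The `send_module_only` entry is the point of contrast: a policy keyed only on executor, provider and name would let the decoder open an SMTP connection while the mailer is still composing, whereas the program-state layer withholds that right until the program has moved to its send state, and withdraws the write right once it has.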



Copyright information

© 1999 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Jaeger, T. (1999). Access Control in Configurable Systems. In: Vitek, J., Jensen, C.D. (eds) Secure Internet Programming. Lecture Notes in Computer Science, vol 1603. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48749-2_14

  • DOI: https://doi.org/10.1007/3-540-48749-2_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-66130-6

  • Online ISBN: 978-3-540-48749-4
