Abstract
Information security guards perform an important function in multilevel security (MLS) environments. To perform their functions correctly, guards must contain data release and sanitization rules that accurately reflect the reclassification or declassification requirements to move data across information security boundaries. The current guards, however, require considerable technical skill to express release and sanitization rules, which data producers typically do not possess. Another limitation of the current guards is that once the data passes through a guard, all access control requirements on that data are lost. In this paper, we propose a high-level language to express release and sanitization rules, as well as post-release access control rules. We also describe a prototype that demonstrates the applicability of our approach.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35691-4_52
Copyright information
© 2003 IFIP International Federation for Information Processing
About this paper
Cite this paper
Williams, D.E., Fayad, A., Jajodia, S., Calle, D. (2003). A User Friendly Guard with Mobile Post-Release Access Control Policy. In: Gritzalis, D., De Capitani di Vimercati, S., Samarati, P., Katsikas, S. (eds) Security and Privacy in the Age of Uncertainty. SEC 2003. IFIP — The International Federation for Information Processing, vol 122. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35691-4_23
DOI: https://doi.org/10.1007/978-0-387-35691-4_23
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-6489-5
Online ISBN: 978-0-387-35691-4
eBook Packages: Springer Book Archive