Skip to main content
SpringerLink
Log in
Book cover

International Conference on Trust, Privacy and Security in Digital Business

TrustBus 2007: Trust, Privacy and Security in Digital Business pp 190–200Cite as

Situation-Based Policy Enforcement

  • Conference paper

  • 514 Accesses

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4657))

Abstract

Current operating systems enforce access control policies based on completely static rules, a method originating from a time where computers were expensive and had to serve several users simultaneously. Today, as computers are cheap, a trend to mobile workstations can be realized, where a single device is used to perform a dedicated task under unpredictable, changing conditions. However, the static access rules still remain, while their use in mobile environments is limited, because in changing environments, access rights must constantly be adjusted to guarantee data integrity in all situations. With dynamically adjusting rules, in turn, it is not sufficient anymore to check access to data only once; instead, access rights must be revalidated every time data is actually accessed, even if part of that data is cached by an application. In this paper, we present a method to dynamically and retrospectively enforce access control policies based on the context a device is operating in, while tracing data beyond disk accesses.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Dey, A., Salber, D., Abowd, G.D., Futakawa, M.: The conference assistant: Combining context-awareness with wearable computing. In: 3rd International Symposium on Wearable Computers, San Francisco, California, pp. 21–28 (1999)

    Google Scholar 

  2. Saltzer, J., Schroeder, M.: Protection of Information in Computer Systems. Proceedings of the IEEE 63(9), 1278–1308 (1975)

    Article  Google Scholar 

  3. Wright, C., Cowan, C., Morris, J., Smalley, S., Kroah-Hartman, G.: Linux Security Modules: General Security Support for the Linux Kernel. In: USENIX Security Symposium (2002)

    Google Scholar 

  4. Wright, C., Cowan, C., Morris, J., Smalley, S., Kroah-Hartman, G.: Linux security module framework. In: Ottawa Linux Symposium (2002)

    Google Scholar 

  5. Kumar, A., Karnik, N., Chafle, G.: Context sensitivity in role-based access control. SIGOPS Oper. Syst. Rev. 36(3), 53–66 (2002)

    Article  Google Scholar 

  6. Ferraiolo, D., Kuhn, R.: Role-based access controls. In: 15th NIST-NCSC National Computer Security Conference, pp. 554–563 (1992)

    Google Scholar 

  7. Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Computer 29(2), 38–47 (1996)

    Google Scholar 

  8. Hulsebosch, R.J., Salden, A.H., Bargh, M.S., Ebben, P.W.G., Reitsma, J.: Context sensitive access control. In: SACMAT 2005: Proceedings of the tenth ACM symposium on Access control models and technologies, New York, NY, USA, pp. 111–119. ACM Press, New York (2005)

    Chapter  Google Scholar 

  9. Moyer, M.J., Ahamad, M.: Generalized role-based access control. In: Proceedings of the IEEE International Conference on Distributed Computing Systems, Mesa, Arizona, USA, pp. 391–398. IEEE Computer Society Press, Los Alamitos (2001)

    Google Scholar 

  10. Covington, M.J., Long, W., Srinivasan, S., Dey, A.K., Ahamad, M., Abowd, G.D.: Securing context-aware applications using environment roles. In: Proceedings of the sixth ACM symposium on Access control models and technologies, pp. 10–20. ACM Press, New York (2001)

    Chapter  Google Scholar 

  11. Loscocco, P., Smalley, S.: Integrating flexible support for security policies into the linux operating system. Technical report, NAI Labs, NSA (2001)

    Google Scholar 

  12. Loscocco, P., Smalley, S.: Integrating flexible support for security policies into the linux operating system. In: USENIX Annual Technical Conference (2001)

    Google Scholar 

  13. Loscocco, P., Smalley, S.: Meeting critical security objectives with security-enhanced linux. In: Ottawa Linux Symposium (2001)

    Google Scholar 

  14. Badger, L., et al.: Practical domain and type enforcement for unix. In: IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos (1995)

    Google Scholar 

  15. Boebert, W.E., Kain, R.Y.: A practical alternative to hierarchical integrity policies. In: 8th National Computer Security Conference, pp. 18–27 (1985)

    Google Scholar 

  16. Jaeger, T., Sailer, R., Zhang, X.: Analyzing integrity protection in the selinux example policy. In: Proceedings of the 12th USENIX Security Symposium (2003)

    Google Scholar 

  17. Salber, D., Abowd, G.D.: The design and use of a generic context server. In: Proceedings of the Perceptual User Interfaces Workshop (PUI 1998), San Francisco, CA, pp. 63–66 (1998)

    Google Scholar 

  18. Salber, D., Dey, A.K., Abowd, G.D.: The context toolkit: Aiding the development of context-enabled applications. In: Proceeddings of the 1999 Conference on Human Factors in Computing Systems (CHI 1999), Pittsburgh, PA, pp. 434–441 (1999)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Technische Universität Darmstadt, Department of Computer Science, Darmstadt, Germany

    Thomas Buntrock, Hans-Christian Esperer & Claudia Eckert

Authors
  1. Thomas Buntrock
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hans-Christian Esperer
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Claudia Eckert
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Costas Lambrinoudakis Günther Pernul A Min Tjoa

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Buntrock, T., Esperer, HC., Eckert, C. (2007). Situation-Based Policy Enforcement. In: Lambrinoudakis, C., Pernul, G., Tjoa, A.M. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2007. Lecture Notes in Computer Science, vol 4657. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74409-2_21

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-74409-2_21

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-74408-5

  • Online ISBN: 978-3-540-74409-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation