Title :
Representation and evaluation of security policies for distributed system services
Author :
Ryutov, Tatyana ; Neuman, Clifford
Author_Institution :
Inf. Sci. Inst., Univ. of Southern California, Marina del Rey, CA, USA
fDate :
6/22/1905 12:00:00 AM
Abstract :
We present a new model for authorization that integrates both local and distributed access control policies and that is extensible across applications and administrative domains. We introduce a general mechanism that is capable of implementing several security policies including role-based access control, Clark-Wilson, ACLs, capabilities, and lattice-based access controls. The generic authorization and access-control API (GAA API) provides a generic framework by which applications facilitate access control decisions and request authorization information about a particular resource. We have integrated our system with the Prospero resource manager and globus security, infrastructure
Keywords :
application program interfaces; authorisation; distributed processing; authorization; distributed access control; distributed system services; generic authorization and access-control API; role-based access control; security policies; Access control; Authorization; Electrical capacitance tomography; Information security; Lattices; Metacomputing; Permission; Protection; Resource management; Web and internet services;
Conference_Titel :
DARPA Information Survivability Conference and Exposition, 2000. DISCEX '00. Proceedings
Conference_Location :
Hilton Head, SC
Print_ISBN :
0-7695-0490-6
DOI :
10.1109/DISCEX.2000.821518
