|Title:||Decentralized Enforcement of Security Policies for Distributed Computational Systems
|Abstract:||The shift from single server environments to globally distributed
systems presents a great challenge in terms of defining and
enforcing appropriate security policies. This is, among other
things, due to the fact that the actual order of events in an
asynchronous distributed environment is not always defined. In
addition, security policies often depend on the actual information
exchange among the distributed entities.
In this thesis we study the problem of adapting security policies to distributed environments such as grids and mobile code systems. We define what a global security policy is, and indicate some of the difficulties in translating local policies to the entire distributed environment. Then, we propose efficient and scalable security mechanisms for the enforcement of global security policies in distributed computational systems. These mechanisms are based on multiple instances of execution monitors (smart sandboxes) running on the distributed entities and on efficient security information sharing among them. We show that the subclasses of EM policies enforceable by these mechanisms, contain useful and real live security policies such as global information flow policies.
We provide prototype implementation of the security mechanism capable of defining and enforcing global security policies. This mechanism uses AspectJ to intercept security relevant events before they occur and terminates the execution if a target application is about to violate security policy.
|Copyright||The above paper is copyright by the Technion, Author(s), or others. Please contact the author(s) for more information|
Remark: Any link to this technical report should be to this page (http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-info.cgi/2007/MSC/MSC-2007-22), rather than to the URL of the PDF or PS files directly. The latter URLs may change without notice.
To the list of the MSC technical reports of 2007
To the main CS technical reports page
Computer science department, Technion