Filters








155,538 Hits in 4.3 sec

Enforcing Security Policies via Types [chapter]

Daniele Gorla, Rosario Pugliese
2004 Lecture Notes in Computer Science  
Type soundness is guaranteed by using a combination of static and dynamic checks, thus enforcing specific security policies on the use of resources.  ...  In this paper, we present a flexible and expressive type system for security for a calculus of distributed and mobile processes.  ...  Our type system permits expressing and enforcing security policies for controlling the access of host resources by possibly malicious mobile processes.  ... 
doi:10.1007/978-3-540-39881-3_10 fatcat:n3gbqygganep7lmeqsywbik65y

Security policies definition and enforcement utilizing policy control function framework in 5G

German Peinado Gomez, Jordi Mongay Batalla, Yoan Miche, Silke Holtmanns, Constandinos X. Mavromoustakis, George Mastorakis, Noman Haider
2021 Computer Communications  
Security policies enforcement via AMF There are two types of policies for access and mobility managed and enforced by the AMF, dictated by PCF and stored in UDR, that can support security use cases without  ...  Security policies enforcement via SMF SMF is responsible for the signalling required to control a PDU session (via N4 signalling), and to set the user plane handling within this PDU session (selection  ... 
doi:10.1016/j.comcom.2021.03.024 fatcat:bjrjogyrqza7fa6capd5b7lcgi

Programming Languages and Systems Security

C. Skalka
2005 IEEE Security and Privacy  
high-level security policies.  ...  For another, many modern languages provide primitive features for specifying and enforcing security policies, such as the ability to modify access-control lists and implement access checks.  ... 
doi:10.1109/msp.2005.77 fatcat:obx3wzet5zgvfaicoxyfjw3uzi

ENGINEERING ACCESS CONTROL IN DISTRIBUTED APPLICATIONS [chapter]

KONSTANTIN BEZNOSOV, YI DENG
2001 Handbook of Software Engineering and Knowledge Engineering  
With "programmatic security," DCOM exposes its security infrastructure to a developer via security APIs 2 so that both clients and objects can enforce their own application-specific authorization policies  ...  User grouping via privilege attributes, object grouping via policy domains, and method grouping via the concept of required rights make CORBA Security highly scalable in terms of security administration  ... 
doi:10.1142/9789812389718_0004 fatcat:q7is3hrlunhbzhd2m52tfniqci

Retrofitting the IBM POWER Hypervisor to Support Mandatory Access Control

Enriquillo Valdez, Reiner Sailer, Ronald Perez
2007 Proceedings of the Computer Security Applications Conference  
However, on hypervisor-based platforms, one cannot currently define a single policy that automatically enforces restrictions on the sharing of resources between multiple VMs or request an air gap between  ...  Our goal is to simplify the security management of data centers through centralized security management and policydriven distributed access control and data protection.  ...  Simple Policies We support two simple orthogonal security policies to govern authorization and resources allocations on PHYP: Simple Type Enforcement (STE) and Chinese Wall Enforcement (CHW).  ... 
doi:10.1109/acsac.2007.4412991 fatcat:r7mii3l2kjf3blblac6cjc5pcm

Retrofitting the IBM POWER Hypervisor to Support Mandatory Access Control

Enriquillo Valdez, Reiner Sailer, Ronald Perez
2007 Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007)  
However, on hypervisor-based platforms, one cannot currently define a single policy that automatically enforces restrictions on the sharing of resources between multiple VMs or request an air gap between  ...  Our goal is to simplify the security management of data centers through centralized security management and policydriven distributed access control and data protection.  ...  Simple Policies We support two simple orthogonal security policies to govern authorization and resources allocations on PHYP: Simple Type Enforcement (STE) and Chinese Wall Enforcement (CHW).  ... 
doi:10.1109/acsac.2007.43 dblp:conf/acsac/ValdezSP07 fatcat:mx4qvbzoezbgtd6eujal26jq5q

Generating XACML Enforcement Policies for Role-Based Access Control of XML Documents [chapter]

Alberto De la Rosa Algarín, Timoteus B. Ziminski, Steven A. Demurjian, Yaira K. Rivera Sánchez, Robert Kuykendall
2014 Lecture Notes in Business Information Processing  
In this paper, we present a secure information engineering method that is capable of generating eXtensible Access Control Markup Language (XACML) enforcement policies, defined in a role-based access control  ...  Ensuring the security of electronic data has morphed into one of the most important requirements in domains such as health care, where the eXtensible Markup Language (XML) has been leveraged via standards  ...  To accomplish proper enforcement, we restrict all communication via our in-house developed Middle-Layer Server.  ... 
doi:10.1007/978-3-662-44300-2_2 fatcat:infulmojczh6vb4ho7brfwlqza

Security model for resource availability - subject and object type enforcement

Ole-Erik Hedenstad
2009 MILCOM 2009 - 2009 IEEE Military Communications Conference  
We propose a new security model for resource availability called "subject and object type enforcement" (SOTE).  ...  Type enforcement is well suited for restricting information flows. In particular type enforcements can express intransitive (indirect) information flows.  ...  The type enforcement security model is implemented in Security-Enhanced Linux (SELinux) [15] .  ... 
doi:10.1109/milcom.2009.5380077 fatcat:pm7qvbeedfcqzniclkjvx6egoe

Shamon: A System for Distributed Mandatory Access Control

Jonathan McCune, Trent Jaeger, Stefan Berger, Ramon Caceres, Reiner Sailer
2006 Proceedings of the Computer Security Applications Conference  
We define and demonstrate an approach to securing distributed computation based on a shared reference monitor (Shamon) that enforces mandatory access control (MAC) policies across a distributed set of  ...  the Xen hypervisor with a trusted MAC virtual machine built on Linux 2.6 whose reference monitor design requires only 13 authorization checks, only 5 of which apply to normal processing (others are for policy  ...  We find that enforcement is possible with few enforcement points (5 hooks for enforcement) where we can specify MAC policies (e.g., Type Enforcement [11] or Multi-Level Security (MLS) [7] ) at the VM  ... 
doi:10.1109/acsac.2006.47 dblp:conf/acsac/McCuneJBCS06 fatcat:shjc7menozhcbjyjnnkkn6eta4

Protecting the integrity of trusted applications in mobile phone systems

Divya Muthukumaran, Joshua Schiffman, Mohamed Hassan, Anuj Sawani, Vikhyath Rao, Trent Jaeger
2010 Security and Communication Networks  
Our architecture uses reference monitors in the operating system and user-space services to enforce mandatory access control policies that express an approximation of Clark-Wilson integrity.  ...  We find that the performance of enforcement and integrity measurement is satisfactory, and the SELinux policy can be reduced in size by 90% (although even more reduction should ultimately be possible),  ...  SELinux enforces a mandatory access control policy based on an extended Type Enforcement model [4] .  ... 
doi:10.1002/sec.194 fatcat:4pirtz7n2ngqrmajpcpyd5kvoy

Android Security Framework: Enabling Generic and Extensible Access Control on Android [article]

Michael Backes, Sven Bugiel, Sebastian Gerling, Philipp von Styp-Rekowsky
2014 arXiv   pre-print
reference monitoring, and type enforcement.  ...  security modules.  ...  type enforcement [47, 8] .  ... 
arXiv:1404.1395v1 fatcat:vyo3igum7bfidd6mmpx6zbskxa

Policy-Based Security for Wireless Components in High Assurance Computer Systems

Luay A. Wahsheh, Jim Alves-Foss
2007 Journal of Computer Science  
safety-critical multi-enclave systems to provide a framework for supporting the enforcement of diverse security multi-policies.  ...  Applying the policy refinement rules presented in this work for a security enforcement procedure of an application system will reduce the proof effort for secure components.  ...  The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of AFRL  ... 
doi:10.3844/jcssp.2007.726.735 fatcat:sxnytehbf5gk3oprkyufdftllq

Enforcing Obligation with Security Monitors [chapter]

Carlos Ribeiro, André Zúquete, Paulo Ferreira
2001 Lecture Notes in Computer Science  
In this paper we identify a restricted type of obligation which is useful to express new security policies.  ...  In addition, this type of obligation is enforceable by security monitors, thus enabling its use on a variety of different platforms.  ...  He showed that several important types of security policies are not enforceable by monitor-like security services, including policies with dependencies in the future such as obligation, and defined the  ... 
doi:10.1007/3-540-45600-7_20 fatcat:xrrf73mozrbtvcwkir25t2laoi

Cross-tier, label-based security enforcement for web applications

Brian J. Corcoran, Nikhil Swamy, Michael Hicks
2009 Proceedings of the 35th SIGMOD international conference on Management of data - SIGMOD '09  
Access to labeled data is mediated via trusted, user-provided policy enforcement functions. SELinks has two novel features that ensure security policies are enforced correctly and efficiently.  ...  Our experience with two sizable web applications, a model health-care database and a secure wiki with fine-grained security policies, indicates that cross-tier policy enforcement in SELinks is flexible  ...  The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Army Research Laboratory  ... 
doi:10.1145/1559845.1559875 dblp:conf/sigmod/CorcoranSH09 fatcat:bc2zqdokk5hqvhf5e7cbiksccy

Secure virtual enclaves: Supporting coalition use of distributed application technologies

Deborah Shands, Jay Jacobs, Richard Yee, E. John Sebes
2001 ACM Transactions on Privacy and Security  
The system enables dynamic updates to security policies to support changes in both coalition membership and participants' perception of risks.  ...  While the prototype demonstrates fine-grained access control for secure collaborative computing, we have identified significant issues that remain to be addressed, particularly in the area of policy development  ...  Type Enforcement (DTE) [5] policy specification language.  ... 
doi:10.1145/501963.501964 fatcat:uwik2c2qsbd6znro73hnotiaje
« Previous Showing results 1 — 15 out of 155,538 results