On Paradigms for Security Policies in Multipolicy Environments [chapter]

Winfried E. Kühnhauser
1995 IFIP Advances in Information and Communication Technology  
For many years the traditional concept of the reference monitor has proven to be a sound architectural foundation for secure computer systems. However, with the advent of distributed systems and multiple, user-defined application-specific security policies the limitations of reference monitors become more and more obvious. Recently, two concepts have been proposed that aim at supporting user-defined security policies in a distributed multipolicy environment. This paper is a comparative study of
more » ... these concepts. It discusses their major conceptual differences with respect to supporting discretionary and mandatory security policies, policy encapsulation and separation, multiple security policy and metapolicy support and the amount of support required of an underlying policy neutral reference monitor.
doi:10.1007/978-0-387-34873-5_32 fatcat:7cvyijhuibaxpoqdk46u656nty