Title :
Compile-Time Enforcement of Dynamic Security Policies
Author :
Eyers, David M. ; Srinivasan, Sriram ; Moody, Ken ; Bacon, Jean
Author_Institution :
Comput. Lab., Univ. of Cambridge, Cambridge
Abstract :
Dynamic separation of duties, delegation and other dynamic security constraints require the state of the security system to be managed explicitly at run-time in software. The majority of this software is still programmed directly by humans, and is thus susceptible to errors that will impact the overall functionality and security of the system. In this paper we demonstrate a technique for statically checking properties of the software that manages dynamic security policies. We base our work on Kilim, a shared-nothing, message-passing Java framework that provides a faster, safer alternative to the dominant shared-memory and locking paradigm. We demonstrate that Kilim's static, compile-time verification of type linearity can also effect validation of aspects of dynamic security systems. We describe our initial steps toward the use of Kilim to support active, distributed security infrastructure.
Keywords :
distributed processing; security of data; compile-time enforcement; distributed security infrastructure; dynamic security policies; dynamic security systems; message-passing Java framework; shared-memory paradigm; Access control; Computer networks; Computer security; Conferences; Distributed computing; Dynamic compiler; ISO standards; Java; Linearity; Yarn; Dynamic security constraints; Kilim; compile-time security enforcement;
Conference_Title :
Policies for Distributed Systems and Networks, 2008. POLICY 2008. IEEE Workshop on
Conference_Location :
Palisades, NY
Print_ISBN :
978-0-7695-3133-5
DOI :
10.1109/POLICY.2008.24