ABSTRACT
As a major component of any host or network operating system, access control mechanisms come in a wide variety of forms, each with its own attributes, functions, methods for configuring policy, and a tight coupling to one class of policies. To afford generalized protection, NIST has initiated a project in pursuit of a standardized access control mechanism, referred to as the Policy Machine (PM), that requires changes only to its configuration in order to enforce arbitrary, organization-specific attribute-based access control policies. Included among the PM's enforceable policies are combinations of policy instances (e.g., Role-Based Access Control and Multi-Level Security). In our effort to devise a generic access control mechanism, we construct the PM in terms of what we believe to be the abstractions, properties and functions fundamental to policy configuration and enforcement. To protect objects under one or more policy instances, the PM categorizes users and objects and their attributes into policy classes, and transparently enforces these policies through a series of fixed PM functions that are invoked in response to user or subject (process) access requests.
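The abstract's central mechanism, categorizing users, objects and their attributes into policy classes and then deciding every access request with the same fixed functions, can be shown with a small model. The Python below is an added illustration, not the NIST Policy Machine's own code: it keeps only assignments (user to attribute, object to attribute, attribute to policy class), associations (user attribute, operation set, object attribute) and policy classes, and omits the PM's prohibitions and obligations. The decision rule is that a request is granted only if every policy class containing the object contributes an association that reaches both the requesting user and the object. All names (alice, bob, rec1, clr:Secret, MedRecords, and so on) are constructed sample data; the two policy classes configured are an RBAC instance and a Bell-LaPadula style MLS instance, composed exactly as the abstract describes.

```python
"""Toy model of Policy Machine-style evaluation over several policy classes.

Added example, not the NIST PM implementation. Models assignments,
associations and policy classes only; prohibitions and obligations omitted.
"""
from collections import deque


class PolicyMachineModel:
    """Assignment graph plus associations, evaluated once per policy class."""

    def __init__(self):
        self.parents = {}          # node -> set of nodes it is assigned to
        self.policy_classes = set()
        self.associations = []     # (user_attr, frozenset(ops), object_attr)

    def add_policy_class(self, name):
        self.policy_classes.add(name)
        self.parents.setdefault(name, set())

    def assign(self, child, parent):
        """child -> parent: user->attr, object->attr, attr->attr, attr->policy class."""
        self.parents.setdefault(child, set()).add(parent)
        self.parents.setdefault(parent, set())

    def associate(self, user_attr, ops, object_attr):
        self.associations.append((user_attr, frozenset(ops), object_attr))

    def containers(self, node):
        """Transitive closure of assignments from node, including node itself."""
        seen, queue = {node}, deque([node])
        while queue:
            for parent in self.parents.get(queue.popleft(), ()):
                if parent not in seen:
                    seen.add(parent)
                    queue.append(parent)
        return seen

    def policy_classes_of(self, obj):
        return self.containers(obj) & self.policy_classes

    def permitted(self, user, op, obj):
        """Grant iff every policy class the object belongs to is satisfied by some
        association whose user attribute contains the user and whose object
        attribute contains the object."""
        required = self.policy_classes_of(obj)
        if not required:
            return False           # object outside every policy class: deny by default
        user_side = self.containers(user)
        object_side = self.containers(obj)
        satisfied = set()
        for ua, ops, oa in self.associations:
            if op in ops and ua in user_side and oa in object_side:
                satisfied |= self.containers(oa) & self.policy_classes
        return required <= satisfied


def build_hospital_example():
    """Constructed sample configuration: one RBAC and one MLS policy class."""
    pm = PolicyMachineModel()

    # Policy class 1: RBAC. Roles are user attributes; MedRecords is an object attribute.
    pm.add_policy_class("RBAC")
    for role in ("Doctor", "Nurse"):
        pm.assign(role, "RBAC")
    pm.assign("MedRecords", "RBAC")
    pm.associate("Doctor", {"read", "write"}, "MedRecords")
    pm.associate("Nurse", {"read"}, "MedRecords")

    # Policy class 2: MLS. Read-down is modelled by nesting the Unclassified read
    # container inside the Secret one; write is permitted at the exact level only.
    pm.add_policy_class("MLS")
    for attr in ("clr:Secret", "clr:Unclassified", "read:Secret",
                 "lvl:Secret", "lvl:Unclassified"):
        pm.assign(attr, "MLS")
    pm.assign("read:Unclassified", "read:Secret")
    pm.associate("clr:Secret", {"read"}, "read:Secret")
    pm.associate("clr:Unclassified", {"read"}, "read:Unclassified")
    pm.associate("clr:Secret", {"write"}, "lvl:Secret")
    pm.associate("clr:Unclassified", {"write"}, "lvl:Unclassified")

    # Users and objects are categorized under both policy classes at once.
    pm.assign("alice", "Doctor")
    pm.assign("alice", "clr:Secret")
    pm.assign("bob", "Nurse")
    pm.assign("bob", "clr:Unclassified")
    for obj, level in (("rec1", "Secret"), ("rec2", "Unclassified")):
        pm.assign(obj, "MedRecords")
        pm.assign(obj, "read:" + level)
        pm.assign(obj, "lvl:" + level)
    return pm


if __name__ == "__main__":
    pm = build_hospital_example()
    for user, op, obj in (("alice", "read", "rec1"), ("bob", "read", "rec1"),
                          ("bob", "read", "rec2"), ("bob", "write", "rec2"),
                          ("alice", "write", "rec2"), ("alice", "write", "rec1"),
                          ("alice", "read", "scratch")):
        print(f"{user:6} {op:5} {obj:8} -> {pm.permitted(user, op, obj)}")
```

Running it shows the composition at work: bob (Nurse, Unclassified) may read rec2 but not rec1, because RBAC grants the read while MLS does not; alice (Doctor, Secret) may read both records but may write only rec1, since RBAC grants write on all MedRecords while the MLS class refuses the write-down to rec2; an object assigned to no policy class ("scratch") is denied outright.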
- Composing and combining policies under the policy machine