Future trustworthy computer systems should provide built-in support for at least the cornerstone security properties of confidentiality, integrity and availability. accesscontrol can help significantly towards achiev...
详细信息
ISBN:
(纸本)9781450312950
Future trustworthy computer systems should provide built-in support for at least the cornerstone security properties of confidentiality, integrity and availability. accesscontrol can help significantly towards achieving this. However, in today's computing landscape, traditional accesscontrol implemented only in software may be either insufficient or non-optimal. We discuss some of these situations. Furthermore, fine-grained accesscontrol and usage control mechanisms implemented in software are themselves subject to attack, and may impose heavy performance overheads. Can new hardware architecture improve the security achievable by software mechanisms for accesscontrol and usage control? If so, what types of hardware support are most useful while retaining the flexibility of software protection mechanisms? What can software do, to help hardware achieve the best results?With the trend towards Cloud Computing, we discuss how new hardware architectural features for cloud servers can help protect the confidentiality and integrity of a cloud customer's code and data in his leased Virtual Machines -- even when the powerful underlying hypervisor may be compromised. This uses a new, non-bypassable form of hardware accesscontrol. Without requiring new hardware, we can also leverage the hardware trend towards manycore chips, and the already available hardware virtualization features, to enhance Cloud Security -- but with a few restrictions and some new software *** general, we would like to motivate collaborations between the software security and the hardware architecture communities to explore software-hardware co-design for security. What comes beyond accesscontrol in cloud computing and mobile computing ecosystems? The goal is to design future trustworthy systems that provide security protections, at the levels needed, when needed, even with malware in the system.
The main goal of modern accesscontrol policy languages is to offer high-level languages, by using which security officers and application developers can express a large variety of access restrictions and isolate the ...
详细信息
We present SEAL, a language for specification and analysis of safety properties for label-based accesscontrol systems. A SEAL program represents a possibly infinite-state non-deterministic transition system describin...
详细信息
The Relationship-Based accesscontrol (ReBAC) model was recently proposed as a general-purpose accesscontrol model. It supports the natural expression of parameterized roles, the composition of policies, and the dele...
详细信息
access-control policy misconfigurations that cause requests to be erroneously denied can result in wasted time, user frustration, and, in the context of particular applications (e. g., health care), very severe conseq...
详细信息
ISBN:
(纸本)9781605581293
access-control policy misconfigurations that cause requests to be erroneously denied can result in wasted time, user frustration, and, in the context of particular applications (e. g., health care), very severe consequences. In this article we apply association rule mining to the history of accesses to predict changes to access-control policies that are likely to be consistent with users' intentions, so that these changes can be instituted in advance of misconfigurations interfering with legitimate accesses. Instituting these changes requires the consent of the appropriate administrator, of course, and so a primary contribution of our work is how to automatically determine from whom to seek consent and how to minimize the costs of doing so. We show using data from a deployed access-control system that our methods can reduce the number of accesses that would have incurred costly time-of-access delays by 43%, and can correctly predict 58% of the intended policy. These gains are achieved without impacting the total amount of time users spend interacting with the system.
The advent of emerging technologies such asWeb services, serviceoriented architecture, and cloud computing has enabled us to perform business services more efficiently and effectively. However, we still suffer from un...
详细信息
In "administrative" accesscontrol, policy controls permissions not just on application actions, but also on actions to modify permissions, on actions to modify permissions on those actions, and so on. One c...
详细信息
暂无评论