The question before the panel: Considering all factors (for example: quality of protection, performance, compatibility, ease of use), which operating system accesscontrol technique will provide the greatest overall b...
ISBN:
(纸本)9781581133509
The question before the panel: Considering all factors (for example: quality of protection, performance, compatibility, ease of use), which operating system accesscontrol technique will provide the greatest overall benefit to users?
Research on accesscontrolmodels was started in the 1960s and 1970s by the two thrusts of mandatory and discretionary accesscontrol. Mandatory accesscontrol (MAC) came from the military and national security arenas...
ISBN:
(纸本)9781581133509
Research on accesscontrolmodels was started in the 1960s and 1970s by the two thrusts of mandatory and discretionary accesscontrol. Mandatory accesscontrol (MAC) came from the military and national security arenas whereas discretionary accesscontrol (DAC) had its roots in academic and commercial research laboratories. These two thrusts were dominant through the 1970s and 1980s almost to exclusion of any other approach to accesscontrolmodels. In the 1990s we have seen a dramatic shift towards pragmatism. The dominant access-control model of the 1990s is role-based accesscontrol (RBAC). It is now understood that RBAC encompasses MAC and DAC as special cases and goes beyond them in providing a policy-neutral framework. This SacmAT meeting has evolved from a highly successful and productive series of acm workshops on RBAC. This panel will address the basic question of where do we go next with accesscontrolmodels. Do we need additional models or can we simply evolve the current set of RBAC models? Is RBAC fundamentally deficient in some way? Where should be go in terms of standards? Is there useful formal and theoretical work to be done in the accesscontrolmodels arena? The first meeting with the title SacmAT is a fitting place to address these questions.
The specification of constraint languages for accesscontrolmodels has proven to be difficult but remains necessary for safety and for mandatory accesscontrol policies. While the authorisation relation $(Subject \ti...
详细信息
ISBN:
(纸本)9781581133509
The specification of constraint languages for accesscontrolmodels has proven to be difficult but remains necessary for safety and for mandatory accesscontrol policies. While the authorisation relation $(Subject \times Object \rightarrow \pow Right)$ defines the authorised permissions an authorisation schema defines how the various concepts (such as subjects, users, roles, labels) are combined to form a complete accesscontrol *** examples drawn from common accesscontrolmodels in the literature we extend the authorisation schema of DTAC to define a general formalism for describing authorisation schema for any accesscontrol *** on our generic authorisation schema we define a new simpler constraint specification language which is as expressive as our previous graphical constraint languages and no more complex to verify.
General accesscontrolmodels enable flexible expression of accesscontrol policies, but they make the verification of whether a particular accesscontrol configuration is safe (i.e., prevents the leakage of a permiss...
ISBN:
(纸本)9781581133509
General accesscontrolmodels enable flexible expression of accesscontrol policies, but they make the verification of whether a particular accesscontrol configuration is safe (i.e., prevents the leakage of a permission to an unauthorized subject) difficult. The current approach to expressing safety policy in such models is to use constraints. When the constraints are verified, then the configuration is verified to be safe. However, the addition of constraints to an accesscontrol configuration significantly increases its complexity, so it quickly becomes difficult to understand the accesscontrol policy expressed in the configuration such that future changes can be made correctly. We propose an approach whereby the complexity of each accesscontrol configuration is estimated, so the administrators can see the effect of a configuration change on the future ability to maintain the configuration. We identify metrics for making complexity estimates and evaluate these metrics on some constraint examples. Our goal is to enable the use of flexible accesscontrolmodels for safety-critical systems by permitting limited use of constraints that do not complicate the configuration beyond a maintainable complexity.
This paper examines the related issues of capacity, coverage and power control in a multi-cell WCDMA network. The network capacity in this case is based on required link quality thresholds. If all users achieve the re...
详细信息
ISBN:
(纸本)0780364635
This paper examines the related issues of capacity, coverage and power control in a multi-cell WCDMA network. The network capacity in this case is based on required link quality thresholds. If all users achieve the required link SIR targets for a given percentage of all power control time slots, the network is deemed not to have exceeded its capacity. When this is 50%, the analysis reverts to the conventional mean SIR target performance. For network operators however a substantially higher link quality requirement is likely. In this case, 95% is considered. This means all users must achieve a SIR of greater than or equal to the target value for 95% of the time. The analysis is based on extended models used for IS-95 systems which relies on Gaussian assumptions of interference. This approach gives an insight into the effects of varying traffic types, different allowances for SIR targets and mixed traffic. This paper presents analysis which allows the mimum required power control to be determined based on network load and traffic mix. It also presents analysis which allows the impact of mobile by mobile power control to be examined.
A description is given of the design and capabilities of a simulation program that models the behavior of a token-ring access local area network (LAN). Such networks consist of a variety of devices connected to a high...
详细信息
ISBN:
(纸本)0818607661
A description is given of the design and capabilities of a simulation program that models the behavior of a token-ring access local area network (LAN). Such networks consist of a variety of devices connected to a high-speed transmission medium having a geographic extent limited to a few kilometers. Topologically, the transmission medium and devices constitute a closed loop or ring. Devices transmit messages on the ring only after obtaining control of a permission token that regulates access to the transmission medium. Attention is focused on the token-ring access protocol since the available evidence suggests that this protocol results in small delays at light workloads and controlled delay at heavy workloads.
This paper describes the design and capabilities of a simulation program that models the behavior of a token-ring access local area network (LAN). Such networks consist of a variety of devices connected to a high spee...
详细信息
暂无评论