Abstract
Current operating systems enforce access control policies based on completely static rules, a method originating from a time where computers were expensive and had to serve several users simultaneously. Today, as computers are cheap, a trend to mobile workstations can be realized, where a single device is used to perform a dedicated task under unpredictable, changing conditions. However, the static access rules still remain, while their use in mobile environments is limited, because in changing environments, access rights must constantly be adjusted to guarantee data integrity in all situations. With dynamically adjusting rules, in turn, it is not sufficient anymore to check access to data only once; instead, access rights must be revalidated every time data is actually accessed, even if part of that data is cached by an application. In this paper, we present a method to dynamically and retrospectively enforce access control policies based on the context a device is operating in, while tracing data beyond disk accesses.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Dey, A., Salber, D., Abowd, G.D., Futakawa, M.: The conference assistant: Combining context-awareness with wearable computing. In: 3rd International Symposium on Wearable Computers, San Francisco, California, pp. 21–28 (1999)
Saltzer, J., Schroeder, M.: Protection of Information in Computer Systems. Proceedings of the IEEE 63(9), 1278–1308 (1975)
Wright, C., Cowan, C., Morris, J., Smalley, S., Kroah-Hartman, G.: Linux Security Modules: General Security Support for the Linux Kernel. In: USENIX Security Symposium (2002)
Wright, C., Cowan, C., Morris, J., Smalley, S., Kroah-Hartman, G.: Linux security module framework. In: Ottawa Linux Symposium (2002)
Kumar, A., Karnik, N., Chafle, G.: Context sensitivity in role-based access control. SIGOPS Oper. Syst. Rev. 36(3), 53–66 (2002)
Ferraiolo, D., Kuhn, R.: Role-based access controls. In: 15th NIST-NCSC National Computer Security Conference, pp. 554–563 (1992)
Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Computer 29(2), 38–47 (1996)
Hulsebosch, R.J., Salden, A.H., Bargh, M.S., Ebben, P.W.G., Reitsma, J.: Context sensitive access control. In: SACMAT 2005: Proceedings of the tenth ACM symposium on Access control models and technologies, New York, NY, USA, pp. 111–119. ACM Press, New York (2005)
Moyer, M.J., Ahamad, M.: Generalized role-based access control. In: Proceedings of the IEEE International Conference on Distributed Computing Systems, Mesa, Arizona, USA, pp. 391–398. IEEE Computer Society Press, Los Alamitos (2001)
Covington, M.J., Long, W., Srinivasan, S., Dey, A.K., Ahamad, M., Abowd, G.D.: Securing context-aware applications using environment roles. In: Proceedings of the sixth ACM symposium on Access control models and technologies, pp. 10–20. ACM Press, New York (2001)
Loscocco, P., Smalley, S.: Integrating flexible support for security policies into the linux operating system. Technical report, NAI Labs, NSA (2001)
Loscocco, P., Smalley, S.: Integrating flexible support for security policies into the linux operating system. In: USENIX Annual Technical Conference (2001)
Loscocco, P., Smalley, S.: Meeting critical security objectives with security-enhanced linux. In: Ottawa Linux Symposium (2001)
Badger, L., et al.: Practical domain and type enforcement for unix. In: IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos (1995)
Boebert, W.E., Kain, R.Y.: A practical alternative to hierarchical integrity policies. In: 8th National Computer Security Conference, pp. 18–27 (1985)
Jaeger, T., Sailer, R., Zhang, X.: Analyzing integrity protection in the selinux example policy. In: Proceedings of the 12th USENIX Security Symposium (2003)
Salber, D., Abowd, G.D.: The design and use of a generic context server. In: Proceedings of the Perceptual User Interfaces Workshop (PUI 1998), San Francisco, CA, pp. 63–66 (1998)
Salber, D., Dey, A.K., Abowd, G.D.: The context toolkit: Aiding the development of context-enabled applications. In: Proceeddings of the 1999 Conference on Human Factors in Computing Systems (CHI 1999), Pittsburgh, PA, pp. 434–441 (1999)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Buntrock, T., Esperer, HC., Eckert, C. (2007). Situation-Based Policy Enforcement. In: Lambrinoudakis, C., Pernul, G., Tjoa, A.M. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2007. Lecture Notes in Computer Science, vol 4657. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74409-2_21
Download citation
DOI: https://doi.org/10.1007/978-3-540-74409-2_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74408-5
Online ISBN: 978-3-540-74409-2
eBook Packages: Computer ScienceComputer Science (R0)