DIMACS Special Year on Networks Seminar


Unified Support for Heterogeneous Security Policies in Distributed Systems


Naftaly H. Minsky
Dept. of Computer Science, Rutgers University


AT&T Murray Hill Building, Room: 2B-432
Note: Visitors not from the MH building should use the east side entrance "stairway 9", and call Dahlia Malkhi, phone number 7809, to let them in. Since entering the MH building takes time, visitors are requested to arrive no latter than 1:45pm.
AT&T Host: Dahlia Malkhi


2:00 p.m
Friday, February 28, 1997

Modern distributed systems tend to be conglomerates of heterogeneous subsystems, which have been designed separately, by different people with little, if any, knowledge of each other --- and which may be governed by different security policies. A single software agent operating within such a system may find itself interacting with, or even belonging to, several subsystems, and thus be subject to several disparate policies. If every such policy is expressed by means of a different formalism and enforced with a different mechanism, the situation can get easily out of hand.

To deal with this problem we propose in this paper a security mechanism that can support efficiently, and in a unified manner, a wide range of security models and policies, including: conventional discretionary models that use capabilities or access-control lists, mandatory lattice-based access control models, and the more sophisticated models and policies required for commercial applications, such as DISTRIBUTED VOTING and SEALED-BID AUCTION. Moreover, under the proposed mechanism, a single agent may be involved in several different modes of interactions that are subject to disparate security policies.

[Based on research done in collaboration with Victoria Ungureanu ]

Document last modified on February 21, 1997