Issue title: Managing security policies: Modeling, verification and configuration
Article type: Research Article
Authors: Sandhu, Ravi | Zhang, Xinwen | Ranganathan, Kumar | Covington, Michael J.
Affiliations: George Mason University and TriCipher Inc., USA E-mail: sandhu@gmu.edu | George Mason University, Fairfax, VA, USA E-mail: xzhang6@gmu.edu | Intel System Research Center, Bangalore, India E-mail: kumar.ranganathan@intel.com | Intel Corporation, Hillsboro, OR, USA E-mail: michael.j.covington@intel.com
Note: Corresponding author. Department of Information and Software Engineering, George Mason University, 4400 University Drive, MSN 4A4, Fairfax, VA 22030, USA. Tel.: (703)993-1668. Fax: (703)993-1638. E-mail: sandhu@gmu.edu.
Abstract: It has been recognized for some time that software alone does not provide an adequate foundation for building a high-assurance trusted platform. The emergence of industry-standard trusted computing technologies promises a revolution in this respect by providing roots of trust upon which secure applications can be developed. These technologies offer a particularly attractive platform for security policy enforcement in general distributed systems. In this paper we propose a security framework to enforce access control policies with trusted computing, by following the recently proposed policy-enforcement-implementation (PEI) models. Our architecture is based on an abstract layer of trusted hardware which can be constructed with emerging trusted computing technologies. A trusted reference monitor (TRM) is introduced beyond the trusted hardware. By monitoring and verifying the integrity and properties of running applications in a platform using the functions of trusted computing, the TRM can enforce various policies on behalf of object owners. We further extend this platform-based architecture to support general user-based access control policies, cooperating with existing services for user identity and attributes, thus potentially supporting general access control models such as lattice-based, role-based, and usage-based access control policies.
Keywords: Access control, trusted computing, PEI models, security framework, client-side security enforcement
Journal: Journal of High Speed Networks, vol. 15, no. 3, pp. 229-245, 2006