Conference paper. Year: 2004

A novel approach for distributed updates of MAC policies using a meta-protection framework

Abstract

This paper presents a novel approach to update a Mandatory Access Control policy on a distributed architecture, without relying on a central component. The two characteristic points of this approach are: 1) updates are performed locally, on each node of the distributed architecture, and 2) all updates are locally checked against a common meta-policy, which specifies what part of the policy each node can update. Thus, there is no need for a central component, and still the policy update is controlled. This local approach provides better fault-tolerance and allows a given node to react to malicious activities detected locally. The meta-policy is shared by all nodes and relies on the notions of types, roles, users and security context. It contains modification rules that specify how the MAC policy can be modified in a given security context. This approach is developed as a joint research project with INRIA and FT R&D, called ACI SATIN, where verification techniques are proposed to verify that the distributed modifications cannot violate the required security properties.
File not deposited

Dates and versions

hal-00083215, version 1 (29-06-2006)

Identifiers

  • HAL Id: hal-00083215, version 1

Cite

Mathieu Blanc, Pierre Courtieu, Gaetan Hains, Laurent Oudot, Christian Toinard. A novel approach for distributed updates of MAC policies using a meta-protection framework. 15th IEEE International Symposium on Software Reliability Engineering (ISSRE 2004), Nov 2004, Saint Malo, France. pp.29-30. ⟨hal-00083215⟩