Compile-Time Enforcement of Dynamic Security Policies

P
POLICY
2008
2008 IEEE Workshop on Policies for Distributed Systems and Networks
Abstract - Compile-Time Enforcement of Dynamic Security Policies

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by David M. Eyers Articles by Sriram Srinivasan Articles by Ken Moody Articles by Jean Bacon

2008 IEEE Workshop on Policies for Distributed Systems and Networks

June 02-June 04

ISBN: 978-0-7695-3133-5

	ASCII Text	x
	David M. Eyers, Sriram Srinivasan, Ken Moody, Jean Bacon, "Compile-Time Enforcement of Dynamic Security Policies," Policies for Distributed Systems and Networks, IEEE International Workshop on, pp. 119-126, 2008 IEEE Workshop on Policies for Distributed Systems and Networks, 2008.

	BibTex	x
	@article{ 10.1109/POLICY.2008.24, author = {David M. Eyers and Sriram Srinivasan and Ken Moody and Jean Bacon}, title = {Compile-Time Enforcement of Dynamic Security Policies}, journal ={Policies for Distributed Systems and Networks, IEEE International Workshop on}, volume = {0}, year = {2008}, isbn = {978-0-7695-3133-5}, pages = {119-126}, doi = {http://doi.ieeecomputersociety.org/10.1109/POLICY.2008.24}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Policies for Distributed Systems and Networks, IEEE International Workshop on TI - Compile-Time Enforcement of Dynamic Security Policies SN - 978-0-7695-3133-5 SP119 EP126 A1 - David M. Eyers, A1 - Sriram Srinivasan, A1 - Ken Moody, A1 - Jean Bacon, PY - 2008 KW - Kilim KW - Dynamic security constraints KW - compile-time security enforcement VL - 0 JA - Policies for Distributed Systems and Networks, IEEE International Workshop on ER -

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/POLICY.2008.24

Dynamic separation of duties, delegation and other dynamic security constraints require the state of the security system to be managed explicitly at run-time in software. The majority of this software is still programmed directly by humans, and is thus susceptible to errors that will impact the overall functionality and security of the system. In this paper we demonstrate a technique for statically checking properties of the software that manages dynamic security policies. We base our work on Kilim, a shared-nothing, message-passing Java framework that provides a faster, safer alternative to the dominant shared-memory and locking paradigm.??We demonstrate that Kilim's static, compile-time verification of type linearity can also effect validation of aspects of dynamic security systems. We describe our initial steps toward the use of Kilim to support active, distributed security infrastructure.

Index Terms:

Kilim, Dynamic security constraints, compile-time security enforcement

Citation:

David M. Eyers, Sriram Srinivasan, Ken Moody, Jean Bacon, "Compile-Time Enforcement of Dynamic Security Policies," policy, pp.119-126, 2008 IEEE Workshop on Policies for Distributed Systems and Networks, 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.