Policies for Distributed Systems and Networks, IEEE International Workshop on (2007)
June 13, 2007 to June 15, 2007
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/POLICY.2007.8
Giovanni Russello , Imperial College London, UK
Changyu Dong , Imperial College London, UK
Naranker Dulay , Imperial College London, UK
In this paper we generalise the authorisation policy model supported by the Ponder policy language for hierarchically organised domains of managed objects to support subject-based policies and return policies. We describe the authorisation conflicts that can occur and present a strategy to automatically resolve them. In our model each action has four endpoints: the subject call, the subject return, the target call and the target return. Each endpoint can have associated policies which are used to define constraints on which subjects are permitted to call which targets, and what is permitted to be transferred between subjects and targets. Subject-based policies aim to protect the subject from untrusted targets, while target-based policies aim to protect the target from unauthorised subjects. Subject-based policies are defined for and enforced by the subject?s PEP, while target-based policies are defined for and enforced by the target?s PEP. Although subject-based and target-based policies are separated, they are uniformly specified in our framework.
N. Dulay, C. Dong and G. Russello, "Authorisation and Conflict Resolution for Hierarchical Domains," Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)(POLICY), Bologna, 2007, pp. 201-210.