Model of User Access Control to Virtual Machines Based on RT-Family Trust Management Language with Temporal Validity Constraints - Practical Application

• Autorzy: Lasota K. , Kozakiewicz A.
• Języki publikacji: EN

Abstrakty

EN

The paper presents an application of an RT-family trust management language as a basis for an access control model. The discussion concerns a secure workstation running multiple virtual machines used to process sensitive information from multiple security domains, providing strict separation of the domains. The users may act in several different roles, with different access rights. The inference mechanisms of the language are used to translate credentials allowing users to access different functional domains, and assigning virtual machines to these domains into clear rules, regulating the rights of a particular user to a particular machine, taking into account different periods of validity of different credentials. The paper also describes a prototype implementation of the model.

Słowa kluczowe

EN

RT-family languages; security model; user access control; virtualization environment

• Wydawca: Instytut Łączności - Państwowy Instytut Badawczy
• Czasopismo: Journal of Telecommunications and Information Technology
• Rocznik: 2012
• Tom: nr 3
• Strony: 13--21
• Opis fizyczny: Bibliogr. 11 poz., rys.

Twórcy

autor

Lasota K.

autor

Kozakiewicz A.

• Research and Academic Computer Network (NASK), Wąwozowa st 18, 02-796 Warszawa, Poland,

Bibliografia

• [1] A. Kozakiewicz, A. Felkner, J. Furtak, Z. Zieliński, M. Brudka, and M. Małowidzki, “Secure workstation for special applications”, in Secure and Trust Computing, Data Management, and Applications, C. Lee, J.-M. Seigneur, J. J. Park, R. R. Wagner, Eds., Communications in Computer and Information Science, vol. 187. Berlin: Springer, 2011, pp. 174–181.
• [2] N. Li, J. Mitchell, and W. Winsborough, “Design of a role-based trust-management framework”, in Proc. IEEE Symp. Secur. Priv., Oakland, CA, USA, 2002, pp. 114–130.
• [3] A. Felkner, “Modeling trust management in computer systems”, in Proc. IX Int PhD Worksh OWD 2007, Conf Archives PTETiS, Wisła, Poland, 2007, vol. 23, pp. 65–70.
• [4] D. Ferraiolo and D. Kuhn, “Role-based access control”, in Proc. 15th Nat. Comp. Secur. Conf., Barltimore, USA, 1992, pp. 554–563.
• [5] N. Li and J. Mitchell, “RT: A role-based trust-management framework”, in Proc. 3rd DARPA Inform. Survivability Conf. Exp., Washington, DC, USA, 2003, pp. 201–212.
• [6] N. Li, W. Winsborough, and J. Mitchell, “Distributed credential chain discovery in trust management”, J. Comput. Secur, vol. 1, pp. 35–86, 2003.
• [7] A. Felkner and K. Sacha, “Deriving RTT credentials for role based trust management”, e-Informatica Softw. Engin. J. (ISEJ), vol. 4, pp. 9–19, 2010.
• [8] A. Felkner and A. Kozakiewicz, “Time validity in role-based trust management inference system”, in Secure and Trust Computing, Data Management, and Applications, C. Lee, J.-M. Seigneur, J. J. Park, and R. R. Wagner, Eds., Communications in Computer and Information Science, vol. 187. Berlin: Springer, 2011, pp. 7–15.
• [9] A. Felkner and A. Kozakiewicz, “Czasowa ważność poświadczeń języka RTT+ ”, Studia Informatica, vol. 32, pp. 145–154, 2011 (in Polish).
• [10] D. D. Bell and L. J. La Padula, “Secure Computer System: Unified Exposition and Multics Interpretation”, ESDTR-75-306, Bedford, MA: ESD/AFSC, Hanscom AFB, 1974 [Online]. Available: http://csrc.nist.gov/publications/history/bell76.pdf
• [11] D. E. Bell, “Looking back at the Bell-La Padula model”, in Proc. 21st Ann. Comp. Secur. Appl. Conf. ACSAC 2005, Tucson, AZ, USA, 2005, pp. 337–351.