Managing Access Control in Large Scale Heterogeneous Networks

Angelos D. Keromytis; Kostas G. Anagnostakis; Sotiris Ioannidis; Michael Greenwald; Jonathan M. Smith

Managing Access Control in Large Scale Heterogeneous Networks
Keromytis, Angelos D.
Anagnostakis, Kostas G.
Ioannidis, Sotiris
Greenwald, Michael
Smith, Jonathan M.
Computer Science
Persistent URL:
Book/Journal Title:
Proceedings of the NATO Consultation, Command and Control Interoperable Networks for Secure Communication (INSC '03) Symposium, The Hague, Netherlands, November 4-6, 2003
The design principle of maximizing local autonomy except when it conflicts with global robustness has led to a scalable Internet with enormous heterogeneity of both applications and infrastructure. These properties have not been achieved in the mechanisms for specifying and enforcing security policies. The STRONGMAN (for Scalable TRust Of Next Generation MANagement) system [9], [10] offers three new approaches to scalability, applying the principle of local policy enforcement complying with global security policies. First is the use of a compliance checker to provide great local autonomy within the constraints of a global security policy. Second is a mechanism to compose policy rules into a coherent enforceable set, e.g., at the boundaries of two locally autonomous application domains. Third is the "lazy instantiation" of policies to reduce the amount of state that enforcement points need to maintain. In this paper, we focus on the issues of scalability and heterogeneity.
Computer science
Item views
text | xml
Suggested Citation:
Angelos D. Keromytis, Kostas G. Anagnostakis, Sotiris Ioannidis, Michael Greenwald, Jonathan M. Smith, , Managing Access Control in Large Scale Heterogeneous Networks, Columbia University Academic Commons, .

Columbia University Libraries | Policies | FAQ