2003 Articles
Managing Access Control in Large Scale Heterogeneous Networks
The design principle of maximizing local autonomy except when it conflicts with global robustness has led to a scalable Internet with enormous heterogeneity of both applications and infrastructure. These properties have not been achieved in the mechanisms for specifying and enforcing security policies. The STRONGMAN (for Scalable TRust Of Next Generation MANagement) system [9], [10] offers three new approaches to scalability, applying the principle of local policy enforcement complying with global security policies. First is the use of a compliance checker to provide great local autonomy within the constraints of a global security policy. Second is a mechanism to compose policy rules into a coherent enforceable set, e.g., at the boundaries of two locally autonomous application domains. Third is the "lazy instantiation" of policies to reduce the amount of state that enforcement points need to maintain. In this paper, we focus on the issues of scalability and heterogeneity.
Also Published In
- Title: Proceedings of the NATO Consultation, Command and Control Interoperable Networks for Secure Communication (INSC '03) Symposium, The Hague, Netherlands, November 4-6, 2003
More About This Work
- Academic Units: Computer Science
- Published Here: July 9, 2012