{"title":"分布式组件结构化应用程序中安全策略的自信任实施","authors":"P. Herrmann, H. Krumm","doi":"10.1109/ISCC.2001.935347","DOIUrl":null,"url":null,"abstract":"Software component technology on the one hand supports the cost-effective development of specialized applications. On the other hand, however it introduces special security problems. Some major problems can be solved by the automated run-time enforcement of security policies. Each component is controlled by a wrapper which monitors the component's behavior and checks its compliance with the security behavior constraints of the component's employment contract. Since control functions and wrappers can cause substantial overhead, we introduce trust-adapted control functions where the intensity of monitoring and behavior checks depends on the level of trust, the component, its hosting environment, and its vendor have currently in the eyes of the application administration. We report on wrappers and a trust information service, outline the embedding security model and architecture, and describe a Java Bean based experimental implementation.","PeriodicalId":147986,"journal":{"name":"Proceedings. Sixth IEEE Symposium on Computers and Communications","volume":"41 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2001-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"33","resultStr":"{\"title\":\"Trust-adapted enforcement of security policies in distributed component-structured applications\",\"authors\":\"P. Herrmann, H. Krumm\",\"doi\":\"10.1109/ISCC.2001.935347\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Software component technology on the one hand supports the cost-effective development of specialized applications. On the other hand, however it introduces special security problems. Some major problems can be solved by the automated run-time enforcement of security policies. Each component is controlled by a wrapper which monitors the component's behavior and checks its compliance with the security behavior constraints of the component's employment contract. Since control functions and wrappers can cause substantial overhead, we introduce trust-adapted control functions where the intensity of monitoring and behavior checks depends on the level of trust, the component, its hosting environment, and its vendor have currently in the eyes of the application administration. We report on wrappers and a trust information service, outline the embedding security model and architecture, and describe a Java Bean based experimental implementation.\",\"PeriodicalId\":147986,\"journal\":{\"name\":\"Proceedings. Sixth IEEE Symposium on Computers and Communications\",\"volume\":\"41 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2001-07-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"33\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings. Sixth IEEE Symposium on Computers and Communications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISCC.2001.935347\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings. Sixth IEEE Symposium on Computers and Communications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISCC.2001.935347","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Trust-adapted enforcement of security policies in distributed component-structured applications
Software component technology on the one hand supports the cost-effective development of specialized applications. On the other hand, however it introduces special security problems. Some major problems can be solved by the automated run-time enforcement of security policies. Each component is controlled by a wrapper which monitors the component's behavior and checks its compliance with the security behavior constraints of the component's employment contract. Since control functions and wrappers can cause substantial overhead, we introduce trust-adapted control functions where the intensity of monitoring and behavior checks depends on the level of trust, the component, its hosting environment, and its vendor have currently in the eyes of the application administration. We report on wrappers and a trust information service, outline the embedding security model and architecture, and describe a Java Bean based experimental implementation.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
