{"title":"在统一的客舱数据网络中实施域隔离","authors":"Nils Tobeck","doi":"10.1109/DASC.2017.8102105","DOIUrl":null,"url":null,"abstract":"In systems of systems designing access control policies is a complex task, especially when each system has its own high-level security policy requirements. There is no general way of expressing policies with generic rules, because policies commonly have scenario-specific characteristics. A graph-based system of systems model is applied, which incorporates an attribute-based approach to model scenario-specific characteristics of policies. The model is based on simple graph and set theoretical methods. The access control system establishes virtual channel objects, which enforce access to a resource. Channels are characterized by attributes of channel source and channel destination. The specific channel characteristics are computed at run-time and policy evaluation is performed on these virtual channel objects. This allows policy design for channels without explicitly knowing a specific channel. The concept is evaluated by simulating three use cases to demonstrate scalability and feasibility.","PeriodicalId":130890,"journal":{"name":"2017 IEEE/AIAA 36th Digital Avionics Systems Conference (DASC)","volume":"22 7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Enforcing domain segregation in unified cabin data networks\",\"authors\":\"Nils Tobeck\",\"doi\":\"10.1109/DASC.2017.8102105\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In systems of systems designing access control policies is a complex task, especially when each system has its own high-level security policy requirements. There is no general way of expressing policies with generic rules, because policies commonly have scenario-specific characteristics. A graph-based system of systems model is applied, which incorporates an attribute-based approach to model scenario-specific characteristics of policies. The model is based on simple graph and set theoretical methods. The access control system establishes virtual channel objects, which enforce access to a resource. Channels are characterized by attributes of channel source and channel destination. The specific channel characteristics are computed at run-time and policy evaluation is performed on these virtual channel objects. This allows policy design for channels without explicitly knowing a specific channel. The concept is evaluated by simulating three use cases to demonstrate scalability and feasibility.\",\"PeriodicalId\":130890,\"journal\":{\"name\":\"2017 IEEE/AIAA 36th Digital Avionics Systems Conference (DASC)\",\"volume\":\"22 7 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 IEEE/AIAA 36th Digital Avionics Systems Conference (DASC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/DASC.2017.8102105\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE/AIAA 36th Digital Avionics Systems Conference (DASC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DASC.2017.8102105","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Enforcing domain segregation in unified cabin data networks
In systems of systems designing access control policies is a complex task, especially when each system has its own high-level security policy requirements. There is no general way of expressing policies with generic rules, because policies commonly have scenario-specific characteristics. A graph-based system of systems model is applied, which incorporates an attribute-based approach to model scenario-specific characteristics of policies. The model is based on simple graph and set theoretical methods. The access control system establishes virtual channel objects, which enforce access to a resource. Channels are characterized by attributes of channel source and channel destination. The specific channel characteristics are computed at run-time and policy evaluation is performed on these virtual channel objects. This allows policy design for channels without explicitly knowing a specific channel. The concept is evaluated by simulating three use cases to demonstrate scalability and feasibility.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
