Representation and Evaluation of Security Policies for Distributed System Services

Tatyana Ryutov and Clifford Neuman
Information Sciences Institute
University of Southern California
4676 Admiralty Way, Suite 1001
Marina del Rey, CA 90292
{tryutov, bcn}
(310)822-1511 (voice) (310)823-6714 (fax)


We present a new model for authorization that integrates both local and distributed access control policies and that is extensible across multiple applications and administrative entities. We introduce a general mechanism that is capable of implementing multiple security policies including role-based access control, Clark-Wilson, ACLs, capabilities, and lattice-based access controls. The Generic Authorization and Access-control API (GAA API) provides a general framework for applications to facilitate access control decisions and request authorization information about a particular resource, thus making our model application-independent. We have integrated our system with the Prospero Resource Manager and Globus Security Infrastructure.

Tatyana Ryutov 2002-06-25