Hidden software capabilities

Hagimont, Daniel; Mossière, Jacques; Pina, Xavier Rousset de; Saunier, F.

doi:10.1109/icdcs.1996.507926

Cited by 18 publications

(15 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Confused deputy attacks can be avoided using a capabilitybased access control model such as [13,14]. By binding possible operations of a process directly to objects, these models prevents attacks such as those based on symbolic links or file renaming.…”

Section: Related Workmentioning

confidence: 99%

An Improved Reference Flow Control Model for Policy-Based Intrusion Detection

Zimmermann¹,

Mé²,

Bidan³

2003

Computer Security – ESORICS 2003

View full text Add to dashboard Cite

Abstract. In this paper, we describe a novel approach to policy-based intrusion detection. The model we propose checks legality of information flows between objects in the system, according to an existing security policy specification. These flows are generated by executed system operations. Illegal flows, i.e., not authorized by the security policy, are signaled and considered as intrusion symptoms. This model is able to detect a large class of attacks, referred to as "attacks by delegation" in this paper. Since the approach focuses really on attack effects instead of attack scenarii, unknown attacks by delegation can be detected.

show abstract

Section: Related Workmentioning

confidence: 99%

An Improved Reference Flow Control Model for Policy-Based Intrusion Detection

Zimmermann¹,

Mé²,

Bidan³

2003

Computer Security – ESORICS 2003

View full text Add to dashboard Cite

show abstract

“…The active software capability model is inspired by work on hidden software capabilities in the SIRAC project at IN-RIA Rhône-Alpes [9,12]. Hidden software capabilities separate security from the functional aspects of an application, by delegating management and exchange of capabilities to protection interfaces interposed between client and server.…”

Section: Proxy-based Securitymentioning

confidence: 99%

“…This enables a proxy-based approach to security [19,9,2]. The client downloads the ASCap proxy from the security server and instantiates it.…”

Section: Security Mechanism Layermentioning

confidence: 99%

“…In this paper we propose a new unified security mechanism, called active software capabilities, which combines the ideas of proxy-based security [19,17,9] and active capabilities [28] to achieve adaptability without the need to rewrite application code. Security proxies are downloaded at runtime from a security server, which is associated with the object server that manages the resource that the client wishes to access.…”

mentioning

confidence: 99%

See 1 more Smart Citation

A unified security framework for networked applications

Abendroth

Jensen

2003

Proceedings of the 2003 ACM Symposium on Applied Computing

View full text Add to dashboard Cite

Various security models have been proposed for different types of applications and numerous types of execution environments. These models are typically reinforced by adding code to the application, which authenticates principals, authorises operations and establishes secure communication among distributed software components (e.g., clients and servers). This code is often application and context-specific, which makes it difficult to integrate an application with other each other.In this paper we propose a new unified access control mechanism that supports most of the existing security models and offers a number of additional controls that are not normally provided by security mechanisms. Moreover, the proposed mechanism integrates well with existing programming paradigms for distributed application, e.g., client/server technology and component based programming. This means that it can be seamlessly integrated with most existing distributed applications. We have implemented the proposed mechanism in a framework, that can be instantiated to implement different security models and policies. We present a qualitative evaluation that demonstrates the framework's ability to support a wide range of security policies and a preliminary performance evaluation of the framework.

show abstract

“…The protection model described in the following was originally developed for a distributed shared memory system called ARIAS [6,4]. Our preliminary experiences with applications written for ARIAS and discussions with colleagues who develop the OLAN distributed application configuration language [1], has convinced us of its general applicability for software reuse.…”

Section: Protection Modelmentioning

confidence: 99%