Policy/mechanism separation in Hydra

Levin, Roy; Cohen, Ellis S.; Corwin, W.; Pollack, F.; Wulf, William A.

doi:10.1145/800213.806531

Cited by 85 publications

(41 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The principle of "separating policy from mechanism" [11] applies the term mechanism to the invariant parts and policy to the variant parts. When we maximize the invariant parts we can then build immutable infrastructure that is independent of the policy approach, and define a Universal Policy Model (UPM) to operate on this infrastructure and to describe and interchange between different policy-and application-domains.…”

Section: A This Workmentioning

confidence: 99%

“…Here, the dynamic features are policy, role, and control. In the mid 1970's operating systems began using the term policy as an artifact of control [11], where users could influence kernel-space decisions without requiring an expensive kernel to user space switch. In [18] the authors separate static and dynamic policies for memory allocation, for static memory allocated at scheduling time with dynamic memory changing with the process.…”

Section: B Related Workmentioning

confidence: 99%

“…In [18] the authors separate static and dynamic policies for memory allocation, for static memory allocated at scheduling time with dynamic memory changing with the process. The policy/mechanism principle for operating system resource allocation is introduced in [11], while [19] explains how this principle can be applied to networks and their management.…”

Section: B Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Taming policy complexity: Model to execution

Meer¹,

Keeney²,

Fallon³

2018

NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium

View full text Add to dashboard Cite

Abstract-Since the 1970's it has been acknowledged that a complex system can be broken into (a) its invariant functional parts (mechanism), and (b) the externalized choices for how the system should behave (policy). Policy-based management's main objective is to separate and externalize the decisions required by a system from the mechanisms provided by the system, and provide a way to define and evaluate these decisions. A few decades later, we have today a plethora of different policy models and even more policy languages -plus tooling -offering policy-based solutions for virtually any use case and scenario. However, policy-based management as a standalone domain has never been evaluated in terms of which parts are variant / invariant, i.e. which parts of policy-based management can be domain-, model-, language-, usecase-independent. In this paper, we introduce and define a formal universal policy model that does exactly that. The result is a model that can be used to design, implement, and deploy immutable policy infrastructure (engine and executor) being able to execute (virtually) any policy model.

show abstract

Section: A This Workmentioning

confidence: 99%

Section: B Related Workmentioning

confidence: 99%

Section: B Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Taming policy complexity: Model to execution

Meer¹,

Keeney²,

Fallon³

2018

NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium

View full text Add to dashboard Cite

show abstract

“…At the same time these successful classic models embody intuitions and principles that are likely to be vital to a comprehensive solution. The premise of sharply separating P-and E-layers builds on the much practised policy/mechanism separation principle first articulated in HYDRA [26]. P-layer specifications express a policy that is ideal in the sense that it ignores issues such as distributed authorization state, network latency, caching, and requirements for off-line use.…”

Section: Introductionmentioning

confidence: 99%

Group-Centric Models for Secure and Agile Information Sharing

Sandhu

Krishnan

Niu

et al. 2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract.To share information and retain control (share-but-protect) is a classic cyber security problem for which effective solutions continue to be elusive. Where the patterns of sharing are well defined and slow to change it is reasonable to apply the traditional access control models of lattice-based, role-based and attribute-based access control, along with discretionary authorization for further fine-grained control as required. Proprietary and standard rights markup languages have been developed to control what a legitimate recipient can do with the received information including control over its further discretionary dissemination. This dissemination-centric approach offers considerable flexibility in terms of controlling a particular information object with respect to already defined attributes of users, subjects and objects. However, it has many of the same or similar problems that discretionary access control manifests relative to role-based access control. In particular specifying information sharing patterns beyond those supported by currently defined authorization attributes is cumbersome or infeasible. Recently a novel mode of information sharing called group-centric was introduced by these authors. Group-centric secure information sharing (g-SIS) is designed to be agile and accommodate ad hoc patterns of information sharing. In this paper we review g-SIS models, discuss their relationship with traditional access control models and demonstrate their agility relative to these.

show abstract

“…Such mechanisms expand the UNIX security model and are implemented in several popular operating systems, such as Solaris and Windows NT [9]. The Hydra capability based operating system [16] separated its access control mechanisms from the definition of its security policy. Follow up operating system such as KeyKOS [11] and EROS [19] divide a secure system into compartments.…”

Section: Related Workmentioning

confidence: 99%

Design and implementation of virtual private services

Ioannidis

Bellovin

Ioannidis

et al.

WET ICE 2003. Proceedings. Twelfth IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Ente

View full text Add to dashboard Cite

Large scale distributed applications such as electronic commerce and online marketplaces combine network access with multiple storage and computational elements. The distributed responsibility for resource control creates new security and privacy issues, which are exacerbated by the complexity of the operating environment. In order to handle policies at multiple locations, the usual tools available (firewalls and compartmented file storage) get to be used in ways that are clumsy and prone to failure.We propose a new approach, virtual private services. Our approach relies on two functional divisions. First, we split policy specification and policy enforcement, providing local autonomy within the constraints of the global security policy. Second, we create virtual security domains, each with its own security policy. Every domain has an associated set of privileges and permissions restricting it to the resources it needs to use and the services it must perform. Virtual private services ensure security and privacy policies are adhered to through coordinated policy enforcement points. We describe our architecture and a prototype implementation, and present a preliminary performance evaluation confirming that our overhead of policy enforcement using is small. This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of the University of Pennsylvania's products or services. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to pubs-permissions@ieee.org. By choosing to view this document, you agree to all provisions of the copyright laws protecting it. Comments Copyright 2003 IEEE. Reprinted from Proceedings of the 12th IEEE International Workshops on EnablingThis conference paper is available at ScholarlyCommons: http://repository.upenn.edu/cis_papers/38 Design and Implementation of Virtual Private Services

show abstract

Policy/mechanism separation in Hydra

Cited by 85 publications

References 0 publications

Taming policy complexity: Model to execution

Taming policy complexity: Model to execution

Group-Centric Models for Secure and Agile Information Sharing

Design and implementation of virtual private services

Contact Info

Product

Resources

About