Situation-based policy enforcement

Thomas Buntrock; Hans Christian Esperer; Claudia Eckert

doi:10.1007/978-3-540-74409-2_21

Situation-based policy enforcement

Thomas Buntrock, Hans Christian Esperer, Claudia Eckert

Technische Universität Darmstadt

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Current operating systems enforce access control policies based on completely static rules, a method originating from a time where computers were expensive and had to serve several users simultaneously. Today, as computers are cheap, a trend to mobile workstations can be realized, where a single device is used to perform a dedicated task under unpredictable, changing conditions. However, the static access rules still remain, while their use in mobile environments is limited, because in changing environments, access rights must constantly be adjusted to guarantee data integrity in all situations. With dynamically adjusting rules, in turn, it is not sufficient anymore to check access to data only once; instead, access rights must be revalidated every time data is actually accessed, even if part of that data is cached by an application. In this paper, we present a method to dynamically and retrospectively enforce access control policies based on the context a device is operating in, while tracing data beyond disk accesses.

Original language	English
Title of host publication	Trust, Privacy and Security in Digital Business - 4th International Conference, TrustBus 2007, Proceedings
Publisher	Springer Verlag
Pages	190-200
Number of pages	11
ISBN (Print)	9783540744085
DOIs	https://doi.org/10.1007/978-3-540-74409-2_21
State	Published - 2007
Externally published	Yes
Event	4th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2007 - Regensburg, Germany Duration: 4 Sep 2007 → 6 Sep 2007

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	4657 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	4th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2007
Country/Territory	Germany
City	Regensburg
Period	4/09/07 → 6/09/07

Access to Document

10.1007/978-3-540-74409-2_21

Cite this

Buntrock, T., Esperer, H. C., & Eckert, C. (2007). Situation-based policy enforcement. In Trust, Privacy and Security in Digital Business - 4th International Conference, TrustBus 2007, Proceedings (pp. 190-200). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4657 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-540-74409-2_21

Buntrock, Thomas ; Esperer, Hans Christian ; Eckert, Claudia. / Situation-based policy enforcement. Trust, Privacy and Security in Digital Business - 4th International Conference, TrustBus 2007, Proceedings. Springer Verlag, 2007. pp. 190-200 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{2d31da65390c4a8c8ec6a19f575c5080,

title = "Situation-based policy enforcement",

abstract = "Current operating systems enforce access control policies based on completely static rules, a method originating from a time where computers were expensive and had to serve several users simultaneously. Today, as computers are cheap, a trend to mobile workstations can be realized, where a single device is used to perform a dedicated task under unpredictable, changing conditions. However, the static access rules still remain, while their use in mobile environments is limited, because in changing environments, access rights must constantly be adjusted to guarantee data integrity in all situations. With dynamically adjusting rules, in turn, it is not sufficient anymore to check access to data only once; instead, access rights must be revalidated every time data is actually accessed, even if part of that data is cached by an application. In this paper, we present a method to dynamically and retrospectively enforce access control policies based on the context a device is operating in, while tracing data beyond disk accesses.",

author = "Thomas Buntrock and Esperer, {Hans Christian} and Claudia Eckert",

year = "2007",

doi = "10.1007/978-3-540-74409-2_21",

language = "English",

isbn = "9783540744085",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "190--200",

booktitle = "Trust, Privacy and Security in Digital Business - 4th International Conference, TrustBus 2007, Proceedings",

note = "4th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2007 ; Conference date: 04-09-2007 Through 06-09-2007",

}

Buntrock, T, Esperer, HC & Eckert, C 2007, Situation-based policy enforcement. in Trust, Privacy and Security in Digital Business - 4th International Conference, TrustBus 2007, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4657 LNCS, Springer Verlag, pp. 190-200, 4th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2007, Regensburg, Germany, 4/09/07. https://doi.org/10.1007/978-3-540-74409-2_21

Situation-based policy enforcement. / Buntrock, Thomas; Esperer, Hans Christian; Eckert, Claudia.
Trust, Privacy and Security in Digital Business - 4th International Conference, TrustBus 2007, Proceedings. Springer Verlag, 2007. p. 190-200 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4657 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Situation-based policy enforcement

AU - Buntrock, Thomas

AU - Esperer, Hans Christian

AU - Eckert, Claudia

PY - 2007

Y1 - 2007

N2 - Current operating systems enforce access control policies based on completely static rules, a method originating from a time where computers were expensive and had to serve several users simultaneously. Today, as computers are cheap, a trend to mobile workstations can be realized, where a single device is used to perform a dedicated task under unpredictable, changing conditions. However, the static access rules still remain, while their use in mobile environments is limited, because in changing environments, access rights must constantly be adjusted to guarantee data integrity in all situations. With dynamically adjusting rules, in turn, it is not sufficient anymore to check access to data only once; instead, access rights must be revalidated every time data is actually accessed, even if part of that data is cached by an application. In this paper, we present a method to dynamically and retrospectively enforce access control policies based on the context a device is operating in, while tracing data beyond disk accesses.

AB - Current operating systems enforce access control policies based on completely static rules, a method originating from a time where computers were expensive and had to serve several users simultaneously. Today, as computers are cheap, a trend to mobile workstations can be realized, where a single device is used to perform a dedicated task under unpredictable, changing conditions. However, the static access rules still remain, while their use in mobile environments is limited, because in changing environments, access rights must constantly be adjusted to guarantee data integrity in all situations. With dynamically adjusting rules, in turn, it is not sufficient anymore to check access to data only once; instead, access rights must be revalidated every time data is actually accessed, even if part of that data is cached by an application. In this paper, we present a method to dynamically and retrospectively enforce access control policies based on the context a device is operating in, while tracing data beyond disk accesses.

UR - http://www.scopus.com/inward/record.url?scp=37249038522&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-74409-2_21

DO - 10.1007/978-3-540-74409-2_21

M3 - Conference contribution

AN - SCOPUS:37249038522

SN - 9783540744085

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 190

EP - 200

BT - Trust, Privacy and Security in Digital Business - 4th International Conference, TrustBus 2007, Proceedings

PB - Springer Verlag

T2 - 4th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2007

Y2 - 4 September 2007 through 6 September 2007

ER -

Buntrock T, Esperer HC, Eckert C. Situation-based policy enforcement. In Trust, Privacy and Security in Digital Business - 4th International Conference, TrustBus 2007, Proceedings. Springer Verlag. 2007. p. 190-200. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-540-74409-2_21

Situation-based policy enforcement

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this