Referenced Items are not available for this document.
We propose and evaluate a novel framework for enforcing global coordination and control policies over interacting software components in enterprise computing environments. This framework combines a per-node reference monitor with two existing coordination and control systems to enforce policies that, among other properties, are stateful and communal. Each reference monitor filters messages exchanged between the interacting software components similar to a firewall, passing only messages that are allowed by the policies in effect. This filtering approach decouples coordination and control from application implementation, allowing the coordination and control mechanism and application implementations to evolve independently of each other. We demonstrate the power of our framework by using it to specify and enforce an RBAC policy with delegation, revocation, and separation-of-duty over accesses to a cluster of NFS and SMB file servers without changing any client or server implementations. Measurements show that our framework imposes acceptable overheads when enforcing this policy.
Published in:
Reliable Distributed Systems, 2005. SRDS 2005. 24th IEEE Symposium on
Date of Conference: 26-28 Oct. 2005
- Page(s):
- 119 - 130
- Print ISBN:
- 0-7695-2463-X
- INSPEC Accession Number:
- 8789127
- Digital Object Identifier :
- 10.1109/RELDIS.2005.17
- Product Type:
- Conference Publications
About IEEE Xplore | Contact | Help | Terms of Use | Nondiscrimination Policy | Site Map | Privacy & Opting Out of Cookies
A not-for-profit organization, IEEE is the world's largest professional association for the advancement of technology.
© Copyright 2013 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.
