Enforcing Enterprise-wide Policies Over Standard Client-Server Interactions

Orlando, Florida October 26-October 28

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/RELDIS.2005.17

24th IEEE Symposium on Reliable Distr ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Zhijun He Articles by Tuan Phan Articles by Thu D. Nguyen

	ASCII Text	x
	Zhijun He, Tuan Phan, Thu D. Nguyen, "Enforcing Enterprise-wide Policies Over Standard Client-Server Interactions," Reliable Distributed Systems, IEEE Symposium on, pp. 119-131, 24th IEEE Symposium on Reliable Distributed Systems (SRDS'05), 2005.

	BibTex	x
	@article{ 10.1109/RELDIS.2005.17, author = {Zhijun He and Tuan Phan and Thu D. Nguyen}, title = {Enforcing Enterprise-wide Policies Over Standard Client-Server Interactions}, journal ={Reliable Distributed Systems, IEEE Symposium on}, volume = {0}, year = {2005}, isbn = {0-7695-2463-X}, pages = {119-131}, doi = {http://doi.ieeecomputersociety.org/10.1109/RELDIS.2005.17}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Reliable Distributed Systems, IEEE Symposium on TI - Enforcing Enterprise-wide Policies Over Standard Client-Server Interactions SN - 0-7695-2463-X SP119 EP131 A1 - Zhijun He, A1 - Tuan Phan, A1 - Thu D. Nguyen, PY - 2005 KW - null VL - 0 JA - Reliable Distributed Systems, IEEE Symposium on ER -

Zhijun He, Rutgers University

Tuan Phan, Rutgers University

Thu D. Nguyen, Rutgers University

We propose and evaluate a novel framework for enforcing global coordination and control policies over interacting software components in enterprise computing environments. This framework combines a per-node reference monitor with two existing coordination and control systems to enforce policies that, among other properties, are stateful and communal. Each reference monitor filters messages exchanged between the interacting software components similar to a firewall, passing only messages that are allowed by the policies in effect. This filtering approach decouples coordination and control from application implementation, allowing the coordination and control mechanism and application implementations to evolve independently of each other. We demonstrate the power of our framework by using it to specify and enforce an RBAC policy with delegation, revocation, and separation-of-duty over accesses to a cluster of NFS and SMB file servers without changing any client or server implementations. Measurements show that our framework imposes acceptable overheads when enforcing this policy.

Citation:

Zhijun He, Tuan Phan, Thu D. Nguyen, "Enforcing Enterprise-wide Policies Over Standard Client-Server Interactions," srds, pp.119-131, 24th IEEE Symposium on Reliable Distributed Systems (SRDS'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.