Trent Jaeger and Atul Prakash. Implementation of a discretionary access control model for script-based systems. In Proceedings of the 8th IEEE Computer Security Foundation Workshop, pages 70--84, County Kerry, Ireland, June 1995.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....objects. The Collaborative Builder s Environment (CBE) 18] is another toolkit for creating extensible collaboration systems in Java. One interesting feature of their system is that their collaborative objects could also be programs. To address the potential security risks imposed by this, they [17] [38] proposed a constrained execution environment with the least privileges needed by the agents downloaded from the net. Like Li Gong s work, the approach they use lacks the ability to provide run time reconfigurability and adaptability. In [13] Hilarie Orman et al. demonstrate that ....

Trent Jaeger and Atul Prakash. Implementation of a discretionary access control model for script-based systems. In Proceedings of the 8th IEEE Computer Security Foundation Workshop, pages 70--84, County Kerry, Ireland, June 1995.

....third party is responsible for recording transfers and transferring the end result. For example, if P 1 transfers rights to P 2 , and P 2 further transfers rights to P 3 , the trusted third party only passes on P 1 transferring rights to P 3 to any end reference monitors. Jaeger and Prakash [Jaeger Prakash 1995] present a model for discretionary access control in a wide area environment. In their work, principals specify the subset of their privileges that are to be transferred to a script written by a potentially untrusted third party. The actual rights transferred are negotiated between the application ....

T. Jaeger and A. Prakash. "Implementation of a Discretionary Access Control Model for Script-Based Systems". In Proc. of the 8th IEEE Computer Security Foundations Workshop, pp. 70--84, June 1995.

....third party is responsible for recording transfers and transferring the end result. For example, if P 1 transfers rights to P 2 , and P 2 further transfers rights to P 3 , the trusted third party only passes on P 1 transferring rights to P 3 to any end reference monitors. Jaeger and Prakash [Jaeger Prakash 1995] present a model for discretionary access control in a wide area environment. In their work, principals specify the subset of their privileges that are to be transferred to a script written by a potentially untrusted third party. The actual rights transferred are negotiated between the application ....

T. Jaeger and A. Prakash. "Implementation of a Discretionary Access Control Model for Script-based Systems". In Proc. of the 8th IEEE Computer Security Foundations Workshop, pp. 70--84, June 1995.

....which checks the content access rights prior to calling the actual operation. Since these commands are only available in the browser and are protected by the authorization operation, only authorized accesses to system objects are possible. An example is the implementation of the open command in [13] (called safe open) The browser also provides support for controlled execution of external software and network services. When an operation for executing executing external software, the browser must: 1) authorize this execution and prepares for a safe execution; 2) determine a limited access ....

T. Jaeger and A. Prakash. Implementation of a discretionary access control model for scriptbased systems. In Proceedings of the 8th IEEE Computer Security Foundations Workshop, pages 70--84, 1995.

....dynamic information, such as the set of collaborators or the purpose of the collaboration. Therefore, users or collaborative applications need to be able to limit access at runtime. We present an access control model that can flexibly control the access rights of a collaborative process. Our model [11] is designed to restrict the access rights of a process at runtime. The model is simple because users or application writers need to know only a few common classes of objects to specify the access rights of a collaboration. Also, many of the access rights are deduced from the reader s current ....

....the current domain must be permitted the ability to create an instance of the new domain. Thus, the mechanism to create a new domain may be inefficient for large file systems, and it requires that users understand the relationships between domains in order to create a new one. 4 Our Approach In [11], we define a DAC model for specifying the access rights available to a mobile agent. The goal of the DAC model is to enable the reader and writer in a mobile agent computation to flexibly control access to system objects. Therefore, using this DAC model a user can specify any access rights ....

T. Jaeger and A. Prakash. Implementation of a discretionary access control model for scriptbased systems. In Proceedings of the 8th IEEE Computer Security Foundations Workshop, pages 70--84, 1995.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC