Techniques of Control and Monitoring: Essentials
8.1 Requirements, Mechanisms and their Quality

In order to meet security requirements, the participants, or the security officers acting on behalf of the participants, have to specify security policies at design time, in terms of which agents are permitted or prohibited to perform which operations on which objects. Within the computing system, the permissions and, if applicable, prohibitions actually declared are persistently represented and managed by a knowledge base.

For the techniques of control and monitoring, and similarly for the variant of certificates and credentials, as introduced in Section 7.2 and visualized in Figure 7.8 and Figure 7.10, respectively, this conceptual knowledge base on permissions and prohibitions is implemented in some suitable way and then employed to take explicit access decisions for dynamically evolving access requests.

As a prerequisite, the requesting subjects on the one side and the controlled objects on the other side must be isolated from each other, such that each request has to be completely mediated by some appropriate interface. At this interface, the control and monitoring component intercepts every request and then decides whether and to what extent the requested access is actually enabled. Furthermore, requests to update the knowledge base on permissions and prohibitions are intercepted as well, in order to decide whether and to what extent the requested control operations on the knowledge base are actually enabled.

In order to take meaningful access decisions, the control and monitoring component must recognize a requesting subject as a participant that is entitled to be permitted or prohibited to act, either by an identifier or by appropriate properties. In each case, the claimed identifier or properties must be verified by a proof of authenticity, in order to avoid impersonation.

Finally, despite all efforts, the preventive control mechanisms might fail to achieve the intended goals. Thus prevention should be complemented by additional monitoring mechanisms that observe the actual behavior of participants and evaluate it as either acceptable or violating.
8.2 Essential Parts

In this section we outline further the six essential parts of any instantiation of the techniques of control and monitoring, which we have already mentioned above:

• declaration of permissions and prohibitions,
• control operations,
• isolation, interception and mediation of messages,
• proof of authenticity,
• access decisions, and
• monitoring.
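The following toy reference monitor is an added example, not code from the book or from any system it describes; it brings the six parts listed above, and the mediation described in Section 8.1, together in one runnable place. All participant names, shared secrets and the "salaries" object are constructed sample values, and the HMAC challenge/response stands in for whatever proof of authenticity a real system would use. The monitor holds the permission and prohibition knowledge base, keeps the objects isolated so that every access and every control operation passes through it, authenticates the claimed identifier before deciding, takes an access decision in which an explicit prohibition overrides a permission, and keeps a log that a monitoring step evaluates afterwards.

```python
import hashlib
import hmac
import secrets
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


class ReferenceMonitor:
    """Hypothetical toy reference monitor: every access to the isolated objects and
    every control operation on the permission knowledge base is intercepted here."""

    def __init__(self, keys, initial_permissions):
        self._keys = dict(keys)                     # subject -> shared secret (authenticity)
        self._permitted = set(initial_permissions)  # design-time declaration: (subject, op, obj)
        self._prohibited = set()                    # explicit prohibitions override permissions
        self._objects = {}                          # isolated: reachable only through request()
        self.log = []                               # monitoring record of every decision taken

    # Proof of authenticity: HMAC over a fresh nonce issued by the monitor.
    def challenge(self):
        return secrets.token_bytes(16)

    @staticmethod
    def prove(key, nonce):
        return hmac.new(key, nonce, hashlib.sha256).digest()

    def _authentic(self, claimed_id, nonce, proof):
        key = self._keys.get(claimed_id)
        return key is not None and hmac.compare_digest(self.prove(key, nonce), proof)

    # Access decision over the knowledge base; a prohibition wins over a permission.
    def decide(self, subject, op, obj):
        if (subject, op, obj) in self._prohibited:
            return Decision(False, "explicitly prohibited")
        if (subject, op, obj) in self._permitted:
            return Decision(True, "permitted")
        return Decision(False, "no permission declared")

    # Complete mediation: authenticate, decide, and log, for every single request.
    def _mediate(self, claimed_id, nonce, proof, op, obj):
        if not self._authentic(claimed_id, nonce, proof):
            d = Decision(False, "authentication failed")
        else:
            d = self.decide(claimed_id, op, obj)
        self.log.append((claimed_id, op, obj, d.allowed, d.reason))
        return d

    # Ordinary requests: the only path to an object.
    def request(self, claimed_id, nonce, proof, op, obj, value=None):
        d = self._mediate(claimed_id, nonce, proof, op, obj)
        if d.allowed and op == "write":
            self._objects[obj] = value
        return d, (self._objects.get(obj) if d.allowed else None)

    # Control operations are mediated too: editing the policy for obj needs ("control", obj).
    def control(self, claimed_id, nonce, proof, action, subject, op, obj):
        d = self._mediate(claimed_id, nonce, proof, "control", obj)
        if d.allowed:
            {"grant": self._permitted.add, "revoke": self._permitted.discard,
             "prohibit": self._prohibited.add}[action]((subject, op, obj))
        return d

    # Monitoring: evaluate observed behaviour after the fact (claimed ids with many denials).
    def suspicious(self, threshold=3):
        denials = Counter(who for who, _, _, ok, _ in self.log if not ok)
        return sorted(who for who, n in denials.items() if n >= threshold)


def demo():
    keys = {"officer": b"officer-secret", "alice": b"alice-secret", "bob": b"bob-secret"}  # constructed
    rm = ReferenceMonitor(keys, {("officer", "control", "salaries"), ("alice", "write", "salaries")})

    def act(who, fn, *args):  # a genuine participant answering the monitor's challenge
        nonce = rm.challenge()
        return fn(who, nonce, ReferenceMonitor.prove(keys[who], nonce), *args)

    out = {}
    act("alice", rm.request, "write", "salaries", {"alice": 100})
    out["bob_before_grant"], _ = act("bob", rm.request, "read", "salaries")
    act("officer", rm.control, "grant", "bob", "read", "salaries")
    out["bob_after_grant"], out["value"] = act("bob", rm.request, "read", "salaries")
    act("officer", rm.control, "prohibit", "bob", "read", "salaries")
    out["bob_after_prohibit"], _ = act("bob", rm.request, "read", "salaries")
    out["bob_self_grant"] = act("bob", rm.control, "grant", "bob", "read", "salaries")
    n = rm.challenge()  # claims the officer's identifier but can only answer with bob's key
    out["impersonation"] = rm.control("officer", n, ReferenceMonitor.prove(keys["bob"], n),
                                      "grant", "bob", "read", "salaries")
    out["suspicious"] = rm.suspicious()
    return out
```

The officer's initial ("control", "salaries") permission is the only entry the monitor accepts without a mediated control operation; it is the design-time declaration that the rest of the policy grows from, which is where the root of trust for the design sits. Note that the monitor logs the claimed identifier even when the proof of authenticity fails, so the monitoring step sees both genuine participants who keep being denied and claims that could not be verified.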
Furthermore, we shall briefly discuss where to place and how to justify a root of trust for the overall design. More detailed discussions of selected topics are presented in Chapter 9, surveying conceptual access rights, Chapter 10, treating the elements of a security architecture, and Chapter 11, introducing monitoring by logging and intrusion detection with reactions.

8.2.1 Declaration of Permissions and Prohibitions

In order to express permissions and prohibitions, we need first of all to co