Abstract
An architecture for CIM-based integrated access control middleware is proposed. The proposed architecture employs CIM standards for managing several access control modules for different resources uniformly in consolidated server environments. CIM standards allow the user of the middleware to look up the target resource information through the common interface, to describe abstract policy with grouping the same type of resources together, and to translate the abstract policy to detailed configurations for each access control module automatically. We evaluated the feasibility of the proposed architecture by a pilot implementation for file access control systems. According to the findings of the evaluation, we propose an extension of the CIM_Directory class to improve operations for exploring directories on user interfaces of the middleware.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Loscocco, P., Smalley, S.: Integrating Flexible Support for Security Policies into the Linux Operating System. In: Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, pp. 29–42 (2001)
Wright, C., Cowan, C., Morris, J., Smalley, S., Hartman, G.K.: Linux Security Modules: General Security Support for the Linux Kernel. In: Proceedings of the 11th USENIX Security Symposium, pp. 17–31 (2002)
AppArmor, http://www.novell.com/linux/security/apparmor/overview.html
Sailer, R., Jaeger, T., Valdez, E., Caceres, R., Perez, R., Berger, S., Griffin, J.L., Doorn, L.: Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor. In: Proceedings of the 21st Annual Computer Security Applications Conference (CSAC), pp. 276–285 (2005)
Spencer, R., Loscocco, P., Smalley, S., Hibler, M., Anderson, D., Lepreau, J.: The Flask Security Architecture: System support for diverse security policies. In: Proceedings of The Eighth USENIX Security Symposium, pp. 123–139 (1999)
Jing, J., Gail-Joon, A.: Towards Secure Information Sharing and Management in Grid Environments. In: Proceedings of Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2006), pp. 1–7 (2006)
Ryutov, T., Neuman, C.: Representation and Evaluation of Security Policies for Distributed System Services. In: Proceedings of DARPA Information Survivability Conference and Exposition, pp. 172–183 (2000)
Common Information Model (CIM) Standards, http://www.dmtf.org/standards/cim/
eXtensible Access Control Markup Language (XACML), http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Machida, F., Tadano, K., Kawato, M., Ishikawa, T., Morita, Y., Nakae, M. (2008). CIM-Based Resource Information Management for Integrated Access Control Manager. In: Boursas, L., Carlson, M., Hommel, W., Sibilla, M., Wold, K. (eds) Systems and Virtualization Management. Standards and New Technologies. SVM 2008. Communications in Computer and Information Science, vol 18. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88708-9_4
Download citation
DOI: https://doi.org/10.1007/978-3-540-88708-9_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-88707-2
Online ISBN: 978-3-540-88708-9
eBook Packages: Computer ScienceComputer Science (R0)